Module 7 · Snowflake Governance & Security

The skill requirement calls out Snowflake RBAC and column-level security specifically. Utilities have regulated PII (customer billing addresses, SSNs for credit checks), so expect this to come up in interview scenarios.

Required skill · s5 (paraphrased)

Data governance: Snowflake RBAC and column-level security.

Your coverage: Gap

What we're assuming

Access control concepts: IAM roles, K8s RBAC, secret rotation — you understand role-based design.
Security posture: compliance-driven work experience — you know how to think about audit & least-priv.
No Snowflake-specific exposure — this is the translation gap.

What we modify for your background

Skip: "what is RBAC," "why least privilege matters."
Emphasize: Snowflake's built-in role hierarchy (ACCOUNTADMIN → SECURITYADMIN → SYSADMIN), the functional-role vs access-role pattern, how column masking works as a SQL expression.
Utility twist: We model the exercise around the actual challenge — meter reads ≠ sensitive, customer PII ≠ engineer-viewable, finance-view ≠ analyst-view.

Want more depth?

See Credits → Module 7. Snowflake's Security Best Practices whitepaper is the most useful single document.

Lessons

Lesson 7.1 — RBAC, the Snowflake Way crash deep
Lesson 7.2 — Column-Level Security with Masking Policies crash deep
Lesson 7.3 — Row Access Policies + Tag-Based Governance deep

Exercises

Exercise 7.1 — Design an RBAC Model for a Utility's Customer PII crash deep

← Module 6 Start lesson 7.1 →