Working with data shares

Guide objective

This guide helps you understand how to work with data shares in Agile Data Engine.

In cloud data warehouses, it is a common practice to share data to stakeholders directly from the database. In this guide, you will learn how to manage shareable objects with ADE.

Snowflake

With ADE, it is possible to manage objects which belong to a share. For example, secure views can be granted to a share.

See also:

Working with Shares (Snowflake documentation)

Example

In this example, a Snowflake secure view is added to a data share.

The data share already exists and has been created according to Snowflake documentation.
New secure view F_SALES_V is created in ADE.
The secure view is granted to the share.

Using entity permissions

In CONFIG_ENTITY_PERMISSIONS configuration package, it is possible to define grantable objects such as roles and data shares.

For example, in the this configuration JSON, data share with the name community_share is added as a grantee and its type is SHARE:

JSON

    "grantees": [
        ...,
        {
            "granteeId": 3,
            "granteeName": "community_share",
            "granteeType": "SHARE"
        }
    ],
    "granteeTypes": [
        ...
        {
            "granteeType": "SHARE",
            "description": "For granting permissions for shares"
        },
        ...
    ]

Creating secure view and adding it to a share

First, create a view in ADE including its attributes and logic or select an existing view.

Set physical option STORAGE.SECURE_VIEW = true. This will create the view as a secure view in Snowflake:

On the Permissions tab, in section Share permissions, grant SELECT permissions to the defined share:

With these definitions in place, Agile Data Engine will execute the following grant on the secure view during deployment:

SQL

GRANT SELECT ON VIEW community.F_SALES_V TO SHARE community_share;