The FinOps and Digital Solutions divisions have access to a Snowflake instance.
- Within the Snowflake instance, a database is created for each client where data will be imported.
- Each client engagement that uses the Snowflake instance will have separate roles with access to the client-specific databases and warehouses.
- A client-specific container in an Azure storage account may also be created and configured for use as a "stage" in Snowflake.
Access
Access to Snowflake should be requested by creating a ticket with IT via the SnowFlake Access Request service request.
IT will grant users access to Snowflake through group memberships that provide role-based access controls. IT may also review the user's VPN configuration to enable connecting to Snowflake services.
- An active connection to the Connor Group VPN is required for all access to Snowflake services.
After IT has granted the user the necessary rights to the Snowflake application, it can take up to 40 minutes for the automated provisioning process to create the account in the Snowflake service.
Single sign-on to Snowflake has been configured. Users who have been configured to access Snowflake can do so by navigating to snowflake.connorgp.com. The application can also be accessed by going to myapps.microsoft.com and clicking on the app for "Snowflake ...". Clicking "Log in using AzureAD" will log the user into Snowflake. The user will not have a username and password to enter.
The Snowflake URL for FinOps / Digital Solutions is:
is09309.west-us-2.azure.snowflakecomputing.com
Usage Guidelines
It is paramount that we all follow the security requirements below when working with Snowflake and client data. They implement best practices to reduce risk and to adhere to client contractual requirements.
IMPORTANT:
- No co-mingling client data in the same database.
  - Do not create a database or schema that has data from multiple clients.
  - One database = One client.
- No co-mingling client data in the same Azure Storage container.
  - Do not use a single Azure Storage folder for multiple clients.
  - One folder = One client.
- Request additional resources and access by submitting a ticket to IT Support [email protected].
- For additional clients we will set up a separate database and Azure Storage folder.
- Access to each client database will only be granted to the individuals working on the client’s engagements.
To ensure we’re adopting Snowflake correctly, we will be auditing usage on a regular basis. With the audit results we may reach out to confirm resources and access.
If you have any questions or concerns with the above or as we use Snowflake, please ask. We’re here to help facilitate what you need and make sure we are being security aware too.
Client Configuration
See the client configuration article for information about connecting to databases with clients other than the web UI.