Benchmark: Identity and Access Management
Overview
Once your Snowflake account is accessible, the next step in gaining access to Snowflake is to authenticate the user. Users must be created in Snowflake prior to any access. Once the user is authenticated, a session is created with roles used to authorize access in Snowflake.
Usage
Install the mod:
    mkdir dashboards
    cd dashboards
    powerpipe mod init
    powerpipe mod install github.com/turbot/steampipe-mod-snowflake-compliance
Start the Powerpipe server:
    steampipe service start
    powerpipe server
Open http://localhost:9033 in your browser and select Identity and Access Management.
Run this benchmark in your terminal:
    powerpipe benchmark run snowflake_compliance.benchmark.security_overview_iam
Snapshot and share results via Turbot Pipes:
    powerpipe benchmark run snowflake_compliance.benchmark.security_overview_iam --share
Controls
- Disable Snowflake authentication for all non-administrator users
- Enable MFA for users to provide an additional layer of security
- Set the default_role property for users
- Use managed access schemas to centralize grant management
- At least two users must be assigned ACCOUNTADMIN role
- ACCOUNTADMIN role must not be set as the default role for users
- Ensure an email address is specified for users with ACCOUNTADMIN role