- Creating users & roles using SQL or automation tools
- Implementing Role-Based Access Control (RBAC) with least-privilege principles
- Managing role hierarchies and using
SHOW GRANTS for auditing
- Enforcing multi-factor authentication (MFA) and SCIM integrations with identity providers (Okta, Azure AD)
CREATE USER analyst1 PASSWORD='temp' DEFAULT_ROLE=ANALYST;
GRANT ROLE ANALYST TO USER analyst1;
GRANT USAGE ON DATABASE sales TO ROLE ANALYST;
- Creating and applying network policies to restrict access by IP
- Applying policies at the user or account level
- Preventing lockouts by testing policies safely
CREATE NETWORK POLICY corp_policy
ALLOWED_IP_LIST = ('198.51.100.0/24')
BLOCKED_IP_LIST = ('0.0.0.0/0');
ALTER ACCOUNT SET NETWORK_POLICY = corp_policy;
- Configuring warehouse sizing and scaling policies for cost optimization
- Using auto-suspend and auto-resume
- Setting up separate compute for dev/test, ETL, BI workloads
CREATE WAREHOUSE reporting_wh
WAREHOUSE_SIZE = 'XSMALL'
AUTO_SUSPEND = 300
AUTO_RESUME = TRUE;
- Setting up resource monitors to control credit usage
- Notifying or suspending warehouses when limits are reached
CREATE RESOURCE MONITOR daily_limit
WITH CREDIT_QUOTA = 100
TRIGGERS ON 90 PERCENT DO NOTIFY
TRIGGERS ON 100 PERCENT DO SUSPEND;
- Managing retention periods, data storage policies, and cloning
- Reducing costs via automatic purging and controlling Time Travel (1–90 days)
ALTER TABLE sales SET DATA_RETENTION_TIME_IN_DAYS = 1;
- Implementing data masking and tag-based access control
- Using classification tags for PII, HIPAA, GDPR compliance
- Enabling access history auditing and querying
ACCESS_HISTORY views
- Managing lifecycle of databases, schemas, and stages
- Using schema evolution tools (e.g., DBT, Terraform, Flyway)
- Automating daily cleanup procedures for unused or temporary objects
- Querying
QUERY_HISTORY, TASK_HISTORY, and WAREHOUSE_LOAD_HISTORY
- Identifying bottlenecks, long-running queries, and warehouse under/overutilization