Skip to content

You are viewing documentation for Immuta version 2022.5.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

cancel

Create a Snowflake Project Workspace

Audience: Project Owners and members

Content Summary: This tutorial configures a Snowflake workspace.

Use Case

Compliance Requirement: Users can only WRITE to specified locations in Dev, and these users need to share this data with other Dev users.

After Dev users have analyzed data, they need to write content back to Immuta and share it with other Dev users. To allow them to write data back to Immuta, project owners need to create workspaces for their projects. Then, users can share the data they've written to Immuta with other users as derived data sources.

1 - Create a Snowflake Workspace

Workspaces can be enabled in the New Project modal when creating a new project, but project owners can enable this feature at any point on the project's Policies tab.

  1. Navigate to the Policies tab and enable Project Equalization by clicking the Project Equalization slider to on.

  2. Scroll to the Native Workspace section and click Create.

    Create Native Workspace

  3. Select Snowflake from the Workspace Configuration dropdown menu.

    Native Snowflake Workspace

  4. Name the Workspace Schema. By default, the schema name is based off of the project name, but you can change it here. Your project workspace will exist within this schema under Snowflake under the database configured by the Application Admin.

  5. Use the dropdown menu to select the Hostname. Projects can only be configured to use one Snowflake host.

  6. Select one or more Warehouses to be available to project members when they are working in the Snowflake workspace.

  7. Click Create to enable the workspace.

2 - Write Data to the Workspace

Once the workspace is created, project members will see relevant data sources in the Snowflake UI when working under the project context.

  1. Select the Role created by the project workspace. The role created will be a combination of the database name (configured by the Application Admin) and the schema name (set in the previous section by the project owner). In this scenario, the role created was KW_TEST_DEV_MY_PROJECT:

    Select Snowflake Role

    Role Not Selected

    Because this user has not yet selected the correct role (KW_TEST_DEV_MY_PROJECT), no project data is visible in the Results window.

    Snowflake Role Not Selected

    Role Selected

    The user has selected the KW_TEST_DEV_MY_PROJECT role, so the project data is now visible.

    Snowflake Role Selected Data Visible

  2. Create a table in Snowflake. In this example, the user created a new table in Snowflake based on the "Rate_Code" column in Taxi_Timeshift: Highest_Rates.

    Snowflake Table Created

Now that data has been written to the workspace, users can share this data with others by making it a derived data source in Immuta.

Delete a Workspace

  1. Scroll to the Native Workspace section on the Policies tab and click the toggle to disable the workspace.

    Disable Workspace

  2. Click Delete in the Native Workspace section.

  3. Choose one of the following options in the modal:

    • Purge Generic Workspace Data: permanently delete data, while the data used by derived data sources is preserved. Note: If you created a derived data source that references a view on top of a table in Snowflake that isn't a derived data source, that table will be deleted and break the derived data source.
    • Purge Everything & Delete Derived Data Sources: permanently delete data and purge all derived data sources.

    Delete Workspace

  4. Click Delete.

Migrate Current Project Workspaces to Secure Views

If you had project workspaces that were created before Immuta 2022.1.0, you need to perform this migration.

  1. Navigate to the Policies tab of you project.
  2. Toggle the switch to disable the workspace, and choose from the purge options.
  3. Refresh the page.
  4. Toggle the switch the enable the workspace, and fill out the modal.