Skip to main content

Manage Access Requests

ALTR’s Access Request feature makes it easy to request and manage access to Snowflake database objects: databases, schemas, tables and views. Submit access requests through the ALTR Access Request Streamlit app, and approvers review and approve/deny those requests in ALTR.

When a request is approved, ALTR automatically creates an access management policy to grant access to the specified role. Learn more.

Requestor: Submit a Request to Access Data

Use the ALTR Access Request Streamlit app in Snowflake to request access to data objects, such as databases, schemas, tables and views. Once the request is submitted, an Administrator in your ALTR organization approves or denies it.

Install the ALTR Access Request App

ALTR Access Request is a Streamlit app in Snowflake used to request access to data objects. To install and set up the app, contact ALTR Support.

Submit a Request

To submit an access request:

  1. Log into Snowflake.

  2. Select ProjectsStreamlit in the Navigation menu.

  3. Click ALTR_ACCESS_REQUEST to open the app.

  4. Select roles to define the roles you are requesting access to. Use Search for roles to filter the Select roles dropdown.

  5. Select a database to define the entire database you are requesting access to.

  6. (Optional) Select a schema. By default, all schemas in the database are selected.

  7. (Optional) Select a table/view. By default, all tables and views in all schemas in the database are selected.

  8. (Optional) Click Add Object to additional objects to your request. All objects within a single entry have the same level of access (i.e., READ and/or WRITE).

  9. Select access to define either READ and/or WRITE access you are requesting.

  10. (Optional) Click Add Entry to add another entry to your request that has different access.

    Note

    For example, Entry 1 could have READ access to Database_1 while Entry 2 could have READ and WRITE access to Database_2.

  11. Enter your email address. This is required so the approver can contact you to inform you when your request was approved or denied.

  12. Enter a reason for the request, e.g., you’re new to a team and need access to the team’s data.

  13. Expand Request Summary to ensure your request is complete.

  14. Click Validate Request to ensure you have properly filled out the request form.

  15. Click Submit Request. The approver will contact you to let you know if your request was approved or denied.

Reviewer: Review Access Requests

Any ALTR administrator can review access requests. This user is typically a database administrator or a data owner.

When reviewing an access request, decide whether the request will be approved or denied. If approved, an access management policy is automatically created to grant access to the roles defined in the request. If a request is approved and you need to revoke access, simply delete the access management policy.

To review an access request:

  1. Log into ALTR.

  2. Select Policy on the Navigation menu.

  3. Click View in the New access request banner; a modal opens to display all open requests.

  4. Click View for the access request to see the full details.

  5. Review the request details.

  6. (Optional) Enter a Comment or a reason for approving or denying the request.

  7. Click Approve to create an access management policy that grants access to the requested data objects. Learn more.

    or

    Click Deny to reject the request without making any changes to access.

  8. If there are additional open requests, click View Remaining Requests to review them. Otherwise, close the modal.

  9. Contact the requestor to inform them if the request was approved or denied; this feature currently does not have notifications available.

Requestor: Confirm Access & Update New Policy

Your administrator notifies you if an access request is approved. Confirm your data access in Snowflake and update the new access management policy in ALTR as needed. Learn more.

Confirm Access

Log into Snowflake and confirm the access you request has been granted.

Update New Policy

After the request is approved, update the access management policy as needed:

  • Rename the policy to something more meaningful. By default, it's named Access Request [ID].

  • Set a policy refresh to automatically check for new database objects. This is off by default.

To update the policy:

  1. Log into ALTR.

  2. Select Policy in the Navigation menu.

  3. Click the access management policy you wish to update.

  4. Click Edit Policy.

  5. (Optional) Update the Policy Name.

  6. (Optional) Set a schedule under Policy Refresh.

  7. Click Save.

View Access Requests

View Open Requests

To view open access requests that are pending review:

  1. Log into ALTR.

  2. Select Policy in the Navigation menu.

  3. On the ribbon, click View; a modal displays all open requests.

View Approve or Denied Requests

To view all approved and denied access requests, use the Access Requests audit log in ALTR. This log shows request details, approval decisions and timestamps.

Note

Entries may take a few minutes to appear in the system audit after a request is submitted or updated.

To view access requests:

  1. Select Audit LogsSystem Audit in the Navigation menu.

  2. Click the Access Requests tab.

In this section: