Our two methods of automating data policy are: Locks & Thresholds. A Lock is a rule that defines how your users can access data. The groups assigned to a lock have the key to access sensitive data included in the lock. Grouping data into a lock allows you to manage your sensitive data across multiple databases. They can be assign to individual columns or groups of columns via data tags. Simplify control over your data with a lock.  

To create a lock

  1. Go to Data Policy → Locks → Add new
  2. Fill out the lock details:

           a. add a lock name,

            b. add a user group

     3. a. Add a column-based policy.

         b. Add a tag-based policy. Tags will be defined by Google DLP classification, Snowflake native classification or Snowflake object tags. For more info on data tags click here.

     4. Optional: You can add multiple locks, just click ‘Add Another’

     5. Once done click ‘Add Lock’.

Update or remove locks

  1. click on the lock you would like to configure.
  2. In the Edit lock pane, change the info you would like to update.
  3. To save the lock click ‘update lock’, if you would like to remove the lock click ‘Remove Lock’
  4. Click confirm on the popup window.
Note: If a user group's access to a column is affected by more than one lock with different masking policies, the most permissive masking policy will be implemented.

Data masking

You can use ALTR to create native masking policies in Snowflake without writing code.

The masking options are:

  • Full mask: 123 White St → *********
  • Email: → *******
  • Show last four: 1111-111-1111 → ****-***--1111
Masking policies are currently available for Snowflake.

Classification & object tags

We classify the data you have in Snowflake without it ever needing to leave Snowflake. We also ingest your Snowflake Object Tags (including any tags you’ve created yourself or via other tools) so you can set governance policy on groups of data right within ALTR.

When you connect or update a database in Snowflake, select ‘Snowflake classification and object tags’ and ALTR will trigger a Snowflake classification for all the tables in your database. When adding a data source in the ALTR platform, simply check the ‘Tag Data by classification’ box and select the option from the dropdown menu.

Once the classification is complete, we’ll import all the data tags included in the classification as well as any other existing tags from your database into the ALTR platform. You can also choose to only import object tags, in which case ALTR ingests the object tags you have defined in Snowflake without classifying your data.

Tag keys will include their respective Snowflake categories of semantic or private tags.

  1. For existing users to leverage this feature, you will need to update your ALTR’s stored procedure in Snowflake as the Account Admin, copy and paste the below statement into your worksheet and press ‘Run’.
Copy Stored Procedure

    2. Copy & paste the below CALL statement into your Snowflake Worksheet and press the 'Run' button to invoke the procedure.

Copy Call Statement
First section of content