CREATE CLASSIFICATION_PROFILE¶
Fully qualified name: SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE
Creates a new instance of the CLASSIFICATION_PROFILE class or replaces an existing instance of the CLASSIFICATION_PROFILE class in the current or specified schema.
Syntax¶
CREATE [ OR REPLACE ] SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE
[ IF NOT EXISTS ] <classification_profile_name> ( <config_object> )
Parameters¶
classification_profile_nameSpecifies the identifier (name) for the instance of the CLASSIFICATION_PROFILE class; must be unique for the schema in which the object is created.
In addition, the identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (for example,
"My object"). Identifiers enclosed in double quotes are also case-sensitive.For more information, see Identifier requirements.
Constructor arguments¶
config_objectAn OBJECT containing key-value pairs used to configure automatic sensitive data classification.
Key
Type
Default
Description
minimum_object_age_for_classification_daysINTEGER
Required: Specifies the minimum number of days an object must exist in order to be classified.
To classify objects immediately, specify
0.maximum_classification_validity_daysINTEGER
Optional: Specifies the number of days since the last classification event before a table is classified again using automatic classification.
Specify this value to ensure that tables are reclassified. If you omit this key, objects are never reclassified.
The value must be greater than or equal to
1.auto_tagBOOLEAN
TRUE
Optional: When
TRUE, sets the recommended classification system tags on the columns in the specified object when the classification process is complete.When
FALSE, automatic tagging does not occur.tag_mapOBJECT
Optional: Maps one or more user-defined tags to the SEMANTIC_CATEGORY system tag.
See Tag map.
custom_classifiersOBJECT
Optional: Specifies custom classifiers that are used when automatically classifying data.
Each key in the object specifies the name of an instance of the CUSTOM_CLASSIFIER class.
The value of each key specifies the custom_classifier!LIST method of the custom classifier instance.
Tag map¶
An OBJECT that maps one or more user-defined tags to the SEMANTIC_CATEGORY system tag.
'column_tag_map': [ ... ]An array of objects that have the following key-value pairs:
'tag_name': 'string'The fully qualified name of the tag.
For more information, see Identifier requirements.
'tag_value':'string'The string value of the tag.
Optional: If not specified, you must also omit the
semantic_categorieskey. If omitted, thetag_nametag is applied to every column to which the SEMANTIC_CATEGORY system tag is applied, and the value of the user-defined tag will match the value of the SEMANTIC_CATEGORY tag.'semantic_categories': [ 'category' [ , 'category' ... ] ]A comma-separated list of categories for the SEMANTIC_CATEGORY system tag.
The
tag_nameuser-defined tag is mapped to instances where the value of the SEMANTIC_CATEGORY tag is one of the specified categories.Optional: If not specified, you must also omit the
tag_valuekey. If omitted, thetag_nametag is applied to every column to which the system SEMANTIC_CATEGORY tag is applied, and the value of the user-defined tag will match the value of the SEMANTIC_CATEGORY tag.
Access control requirements¶
A role used to execute this operation must have the following privileges at a minimum:
Privilege/role |
Object |
|---|---|
CLASSIFICATION_ADMIN database role |
n/a |
CREATE SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE privilege |
Schema |
The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Methods¶
You can call the following methods on the instance of the CLASSIFICATION_PROFILE class that you create:
Usage notes¶
To refer to this class by its unqualified name, include the database and schema of the class in your search path.
If the same tag and semantic category is mapped to two different values, then the order of the objects in the
column_tag_mapdetermines the tag and string value to set on a column. Order thecolumn_tag_maparrays from highest preference to lowest preference.
Examples¶
Create an instance and specify basic criteria to automatically classify tables in a schema:
CREATE OR REPLACE SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE
my_classification_profile(
{
'minimum_object_age_for_classification_days': 0,
'maximum_classification_validity_days': 30,
'auto_tag': true
});
Create an instance and specify the tag mapping to a single tag:
CREATE OR REPLACE SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE my_classification_profile(
{
'minimum_object_age_for_classification_days':0,
'auto_tag':true,
'tag_map':{
'column_tag_map':[
{
'tag_name':'tag_db.sch.pii'
}
]
}
}
);
Create an instance and specify the tag mapping to different tag values:
CREATE OR REPLACE SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE
my_classification_profile(
{
'minimum_object_age_for_classification_days':0,
'auto_tag':true,
'tag_map': {
'column_tag_map':[
{
'tag_name':'test_ac_db.test_ac_schema.pii',
'tag_value':'important',
'semantic_categories':['NAME']
},
{
'tag_name':'test_ac_db.test_ac_schema.pii',
'tag_value':'pii',
'semantic_categories':['EMAIL','NATIONAL_IDENTIFIER']
}
]
}
}
);
Create an instance and specify custom classifiers for the automatic classification process:
CREATE OR REPLACE SNOWFLAKE.DATA_PRIVACY.CLASSIFICATION_PROFILE my_classification_profile(
{
'minimum_object_age_for_classification_days':0,
'auto_tag':true,
'custom_classifiers': {
'medical_codes': medical_codes!list(),
'finance_codes': finance_codes!list()
}
}
);