Getting Started with Secure Data Sharing

Secure Data Sharing is an extremely powerful, yet easy-to-use feature. You can get started as a data provider in just a few simple steps.

This topic introduces the tasks required to share a database and its objects with one or more accounts. The example at the end of the topic illustrates all the SQL commands required to perform these tasks.

In this Topic:


To perform the tasks described in this topic, you must use the ACCOUNTADMIN role.

Also, this topic describes only the minimum set of tasks required for providers to start sharing data. For more detailed information, including more detailed data sharing scenarios, see Working with Shares.

Step 1: Create a Share

Use CREATE SHARE to create a share. At this step, the share is simply a container waiting for objects and accounts to be added.

Step 2: Add Objects to the Share by Granting Privileges

Use GRANT <privilege> … TO SHARE to grant the following object privileges to the share:

  • USAGE privilege on the database you wish to share.

  • USAGE privilege on each database schema containing the objects you wish to share.

  • SELECT privilege for sharing specific objects in each shared schema:

    • Tables

    • External tables

    • Secure views

    • Secure materialized views

    • Secure UDFs


If you plan to securely share data with data consumers across different regions or cloud platforms, note that currently, replicating a primary database is blocked if one or more external tables exist in the database.


Creating secure views on streams and then sharing those views with consumers is not recommended. Instead, allow consumers to create their own streams on the tables and secure views that you share. For more information, see Streams on Shared Objects.

Optionally use SHOW GRANTS to view the object grants for the share.


We recommend performing this minimal amount of validation of the share before completing the next step because, once the next step is completed, the share is “visible” to all the accounts that are added to the share.

If you want to perform a more in-depth validation of the share, Snowflake provides a mechanism for simulating a consumer account in your account. For more details, see Using Secure Objects to Control Data Access.

Step 3: Add One or More Accounts to the Share

Use ALTER SHARE to add one or more accounts to the share. To review the accounts added to the share, you can use SHOW GRANTS.

That’s it! The share is now ready to be consumed by the specified accounts. For more detailed instructions for performing these and other data provider tasks, see Working with Shares.


The following example illustrates the entire provider process as described above.

Note that this example assumes:

  • A database named sales_db exists with a schema named aggregates_eula and a table named aggregate_1.

  • The database, schema, and table will be shared with two accounts named xy12345 and yz23456.

USE ROLE accountadmin;


GRANT USAGE ON SCHEMA sales_db.aggregates_eula TO SHARE sales_s;
GRANT SELECT ON TABLE sales_db.aggregates_eula.aggregate_1 TO SHARE sales_s;


ALTER SHARE sales_s ADD ACCOUNTS=xy12345, yz23456;

Back to top