This topic provides concepts and instructions on how to use tags in Snowflake.
In this Topic:
What is a Tag?¶
Tags enable data stewards to track sensitive data for compliance, discovery, protection, and resource usage use cases through either a centralized or decentralized data governance management approach.
A tag is a schema-level object that can be assigned to another Snowflake object. A tag can be assigned an arbitrary string value upon assigning the tag to a Snowflake object. Snowflake stores the tag and its string value as a key-value pair. The tag must be unique for your schema and the tag value is always a string. The maximum number of characters for the tag value is 256. The maximum number of unique tag keys that can be set on a single object is 20.
For a table or view and its columns, the total number of unique tag keys that can be set is 20.
For example, if a single column in a table has 10 unique tag keys set on the column, Snowflake allows 10 additional unique tag keys to be set on either that column, other columns in the table, the table itself, or some combination of the table and its columns. Once the limit of 20 unique tag keys is met, no additional tag keys can be set on the table or its columns.
You create a tag using a CREATE TAG statement, and you specify the tag string value when assigning the tag to an object. The tag can be assigned to an object while creating the object, using a CREATE <object> statement, assuming that the tag already exists. Alternatively, you can assign the tag to an existing object using an ALTER <object> statement.
A single tag can be assigned to different object types at the same time (e.g. warehouse and table simultaneously). At the time of assignment, the tag string value can be duplicated or remain unique. For example, multiple tables can be assigned the cost_center tag and the tag can always have the string value be sales. Alternatively, the string value could be different (e.g. engineering, marketing, finance). After defining the tags and assigning the tags to Snowflake objects, tags can be queried to track usage on the objects to facilitate data governance operations, such as tracking, auditing, and reporting.
Because tags can be assigned to tables, views, and columns, setting a tag and then querying the tag enables the discovery of a multitude of database objects and columns that contain sensitive information. Upon discovery, data stewards can determine how best to make that data available, such as selective filtering using row access policies, or using masking policies to determine whether the data is tokenized, fully masked, partially masked, or unmasked.
Assigning tags to warehouses enables accurate resource usage tracking. Querying tags on resources allows for easy resource grouping by cost center or other organization units. Additionally, the tag can facilitate analyzing relatively short-term business activities, such as projects, to provide a more granular insight into what, when, and how resources were used.
A tag is inherited based on the Snowflake securable object hierarchy. Snowflake recommends defining the tag keys as closely as possible to the securable object hierarchy in your Snowflake environment.
Tag inheritance means that if a tag is applied to a table, the tag also applies to the columns in that table. This behavior is referred to as tag lineage.
It is possible to override an inherited tag on a given object. For example, if a table column inherits the tag named cost_center with a string value called sales, the tag can be updated with a more specific tag string value such as sales_na, to specify the North America sales cost center. Additionally, a new tag can be applied to the table column. Use an ALTER TABLE … ALTER COLUMN statement to update the tag string value on the column and to set one or more additional tags on a column.
After defining the tag keys and assigning tags to Snowflake objects, track the tags, tag references, and tag lineage using the specified table functions or query the views as shown in Using Tags (in this topic).
Tag lineage does not include propagation to nested objects. For example:
If nested objects already exist relative to an underlying table or view, a tag set on underlying object does not automatically result
in a tag being set on the nested object. In this example, a tag set on
table_1 does not result in the same tag being set on
materialized_view_1. This behavior is also true for columns.
If it is necessary to have tags on underlying objects or columns carry over to nested objects, execute a CREATE OR REPLACE statement on the nested object and make sure the SQL statement specifies the tag on the nested object or column.
- Ease of Use
Define a tag once and apply it to as many different objects as desirable.
- Tag Lineage
Since tags are inherited, applying the tag to objects higher in the securable objects hierarchy results in the tag being applied to all child objects. For example, if a tag is set on a table, the tag will be inherited by all columns in that table.
- Consistent Assignment with Replication
Snowflake replicates tags and their assignments within the primary database to the secondary database.
For more information, see Replication (in this topic).
- Sensitive Data Tracking and Resource Usage
Tags simplify identifying sensitive data (e.g. PII, Secret) and bring visibility to Snowflake resource usage. With data and metadata in the same system, analysts can quickly determine which resources consume the most Snowflake credits based on the tag definition (e.g.
- Centralized or Decentralized Management
Tags supports different management approaches to facilitate compliance with internal and external regulatory requirements.
In a centralized approach, the
tag_admincustom role creates and applies tags to Snowflake objects.
In a decentralized approach, individual teams apply tags to Snowflake objects and the
tag_admincustom role creates tags to ensure consistent tag naming.