Snowflake: Node & Edge Schema

The Snowflake adapter extracts identity and access data from a Snowflake data warehouse instance and maps it into the SlashID identity graph. It focuses on users, roles, and service-related identities.

Node Types

Node Type	Description
SnowflakeUser	Represents a user in Snowflake.
SnowflakeRole	A role in Snowflake.
SnowflakeServiceAccount	A service account identity.
SnowflakeServiceIntegration	An integration identity for external services.
SnowflakeRSAKey	An RSA public key.
SnowflakeDatabase	A database.
SnowflakeSchema	A database schema.
SnowflakeTable	A database table.

Edge Relationships

Edge Type	From Node	To Node	Description
CAN_ASSUME	SnowflakeUser	SnowflakeRole	Indicates the ability to assume a role.
CAN_BE_ASSUMED_BY	SnowflakeRole	SnowflakeUser	Reverse of CAN_ASSUME.
OWNS	SnowflakeUser	SnowflakeRSAKey	Resource ownership link.
OWNED_BY	SnowflakeRSAKey	SnowflakeUser	Reverse of OWNS.
CAN_ASSUME	SnowflakeServiceAccount	SnowflakeRole	Indicates the ability to assume a role.
CAN_BE_ASSUMED_BY	SnowflakeRole	SnowflakeServiceAccount	Reverse of CAN_ASSUME.
OWNS	SnowflakeServiceAccount	SnowflakeRSAKey	Resource ownership link.
OWNED_BY	SnowflakeRSAKey	SnowflakeServiceAccount	Reverse of OWNS.
CAN_ASSUME	SnowflakeRole	SnowflakeRole	Indicates the ability to assume a role.
CAN_BE_ASSUMED_BY	SnowflakeRole	SnowflakeRole	Reverse of CAN_ASSUME.
CREATED	SnowflakeRole	SnowflakeRole	Indicates the entity created the resource.
CREATED_BY	SnowflakeRole	SnowflakeRole	Reverse of CREATED.
CONTAINS	SnowflakeDatabase	SnowflakeSchema	Represents hierarchical containment.
CONTAINED_BY	SnowflakeSchema	SnowflakeDatabase	Reverse of CONTAINS.
CONTAINS	SnowflakeSchema	SnowflakeTable	Represents hierarchical containment.
CONTAINED_BY	SnowflakeTable	SnowflakeSchema	Reverse of CONTAINS.
CAN_ACCESS	SnowflakeUser	SnowflakeTable	Entity is allowed to access.
ACCESSED_BY	SnowflakeTable	SnowflakeUser	Reverse of CAN_ACCESS.
CAN_ACCESS	SnowflakeRole	SnowflakeTable	Entity is allowed to access.
ACCESSED_BY	SnowflakeTable	SnowflakeRole	Reverse of CAN_ACCESS.
CAN_ACCESS	SnowflakeServiceAccount	SnowflakeTable	Entity is allowed to access.
ACCESSED_BY	SnowflakeTable	SnowflakeServiceAccount	Reverse of CAN_ACCESS.

--

Examples

(SnowflakeUser)-[:CAN_ASSUME]->(SnowflakeRole)
(SnowflakeRSAKey)-[:OWNED_BY]->(SnowflakeUser)
(SnowflakeUser)-[:CAN_ACCESS]->(SnowflakeTable)
(SnowflakeDatabase)-[:CONTAINS]->(SnowflakeSchema)