Read-only Accounts (FAQ)¶
Read-only accounts enable providers to share data with consumers who are not already Snowflake customers, without requiring the consumers to become Snowflake customers.
In this Topic:
- What is a Read-only Account?
- What is Allowed/Restricted in a Read-only Account?
- Who Creates a Read-only Account?
- Are There Costs Associated with a Read-only Account?
- Who is the Read-only Administrator and What is Their Role?
- Who Provides Support for a Read-only Account?
- Can a Read-only Account be Converted to a Full Account?
- How Do Users Access a Read-only Account?
What is a Read-only Account?¶
A read-only account enables data consumers to access and query data shared by the provider of the account, with minimal (or no) setup and usage costs for the consumer, and no requirements for the consumer to sign a licensing agreement with Snowflake.
The account is created, managed, and used by the consumer, but “owned” by the provider, who assumes responsibility for any credit charges incurred by the account and also manages the relationship with account users.
A read-only account is provisioned as a Snowflake Standard Edition account, meaning users in the account have access to Standard features and functionality, but with certain limitations. “Read-only” refers specifically to database objects and data, which cannot be created or modified in the account.
What is Allowed/Restricted in a Read-only Account?¶
|Queries||Any user in the account can perform queries if their assigned role has been granted the necessary privileges.|
|Data Unloading||Also referred to as “data export”, table data can be unloaded into flat files created in an existing external location. This feature is useful if consumers want to combine the data shared by a provider with their own data outside of Snowflake. Currently, the only supported external locations are AWS S3 buckets.|
|Databases||No creation of new databases is allowed. Attempting to create a database returns an error.|
|Database objects||No creation of schemas, tables, views, sequences, stages, file formats, etc. is allowed. Attempting to create any of these objects returns an error.|
|Table DML||No data can be added or modified in tables (i.e. all DML commands are disallowed).|
|Data Loading||No new/additional data can be loaded/imported into Snowflake.|
For more information about additional supported tasks and restrictions in a read-only account, see Who is the Read-only Administrator and What is Their Role? (in this FAQ).
Who Creates a Read-only Account?¶
The provider of a read-only account does not perform the actual account creation; instead, the provider sends a link to the consumer who creates the account. The link provides the details necessary to create the account:
Currently, links for read-only accounts can only be generated by Snowflake. To request a read-only account link to be generated for one of your consumers, please contact Snowflake.
In an upcoming release, Snowflake will provide support for inviting consumers directly to create read-only accounts. This will allow providers to generate read-only account links without requiring assistance from Snowflake.
If you have been invited by a provider to create a read-only account, simply follow the instructions in the link. Once the account has been created, you will serve as the read-only administrator for the account, performing administrative tasks, such as creating additional users in the account and granting them roles to use Snowflake. For more information, see Who is the Read-only Administrator and What is Their Role? (in this FAQ).
Are There Costs Associated with a Read-only Account?¶
For data consumers, there are typically no costs for creating and using a read-only account. The costs are covered by the provider, which consist primarily of the credit charges for using virtual warehouses to execute queries on the data shared with the account:
Credit consumption for a read-only account will be charged to your account; it is up to you to determine whether to pass on any of these costs to your consumers.
Also, when you request a read-only account, you can place a limit on the number of credits that can be consumed each month. If a read-only account reaches its credit limit for the month, users will no longer be able to run virtual warehouses to execute queries.
To reset the credit limit for a read-only account, please contact Snowflake.
Please contact your provider directly to determine whether there are any costs associated with your account and whether your account has a monthly credit limit.
If your account has a monthly limit and you reach the limit, please contact your provider.
Who is the Read-only Administrator and What is Their Role?¶
The read-only administrator is the user who initially creates the account. This user is automatically assigned the READONLYADMIN role, which serves the same purpose as the system-defined ACCOUNTADMIN role (in a full Snowflake account), but with the appropriate privileges for a read-only account.
A read-only administrator can perform all tasks in the account, including managing the following account-level objects in the system:
|Users||Create additional users in the account and manage the users as needed (e.g. reset passwords if forgotten).|
|Roles||Create custom roles for enabling users to perform tasks in the account, such as querying shared data. Note that custom roles are not required because each account has a system-defined PUBLIC role that is automatically granted to all users. The PUBLIC role allows users to log into Snowflake, but does not give them query privileges. To enable users to query shared data, the read-only administrator grants the necessary privileges to the PUBLIC role or a custom role.|
|Warehouses||Create and manage virtual warehouses (required for executing queries). If desired, the read-only administrator can pass these tasks on to other users in the account by granting the necessary privileges to custom roles and then assigning the roles to the users. Then, the users with the custom roles can create and manage warehouses on their own.|
READONLYADMIN and PUBLIC are the only system-defined roles in a read-only account:
- Similar to other system-defined roles, READONLYADMIN and PUBLIC cannot be modified in any way.
- Contrary to other system-defined roles, READONLYADMIN is non-transferable (i.e. it cannot be granted to any other users). As such, each read-only account has a single read-only administrator.
Who Provides Support for a Read-only Account?¶
Because a read-only account does not have a licensing agreement with Snowflake, standard support services are not available to account users. Instead, the provider of the account serves as the support contact:
As a provider, you field questions and requests from read-only account users and provide responses as appropriate. If you are unable to directly resolve their issues or answer their questions, you can open a Snowflake Support ticket through the normal channels, as outlined in your support agreement.
Once a response has been provided by Snowflake Support, you then communicate the information back to the appropriate users in the read-only account.
Please contact your data provider if you encounter any issues or have any questions related to using Snowflake, including:
Can a Read-only Account be Converted to a Full Account?¶
Yes. If you are a data consumer and decide you would like to continue using the data shared by the provider, but with access to the full capabilities of Snowflake, your read-only account can be converted to a full customer account, at which time you will assume ownership and responsibility for the account.
For more information about the Snowflake features in a full account, see Overview of Key Features.
How Do Users Access a Read-only Account?¶
All users access the account through either the Snowflake web interface or any of the Snowflake-provided clients:
In the web interface, you can:
In addition, the read-only administrator can perform administrative tasks in the interface, as described in Who is the Read-only Administrator and What is Their Role? (in this FAQ).
The Snowflake clients allow users to connect to Snowflake and perform most of the tasks that can be performed in the web interface. You can install and use any of the provided clients; however, we recommend starting with the following: