Read-only Accounts (FAQ)¶
Read-only accounts enable providers to share data with consumers who are not already Snowflake customers, without requiring the consumers to become Snowflake customers.
In this Topic:
- What is a Read-only Account?
- What is Allowed in a Read-only Account?
- What is Not Allowed in a Read-only Account?
- Who Creates a Read-only Account?
- Are There Costs Associated with a Read-only Account?
- Who is the Read-only Administrator and What is Their Role?
- How Do Users Access a Read-only Account?
- Who Provides Support for a Read-only Account?
- Can a Read-only Account be Converted to a Regular Account?
What is a Read-only Account?¶
A read-only account enables data consumers to access and query data shared by the provider of the account, with minimal (or no) setup and usage costs for the consumer, and no requirements for the consumer to sign a licensing agreement with Snowflake.
The account is created, managed, and used by the consumer, but “owned” by the provider, who assumes responsibility for any credit charges incurred by the account and also manages the relationship with account users.
A read-only account is provisioned as a Snowflake Standard Edition account, meaning account users have access to the features and functionality of a Standard account, but with certain limitations. “Read-only” refers specifically to database objects and data, which cannot be created or modified in the account.
What is Allowed in a Read-only Account?¶
|Queries||Any user in the account can perform queries. The tables and views a user can query depend on the privileges that have been granted to the role(s) assigned to the users.|
|Data Unloading||Also referred to as “data export”, table data can be unloaded into flat files created in an already-existing external location. This feature is useful if you want to combine the data shared by a provider with data outside of Snowflake. Currently, the only supported external locations are AWS S3 buckets.|
What is Not Allowed in a Read-only Account?¶
|Objects||No creation or modification of database objects (schemas, tables, views, sequences, stages, file formats, etc.) is allowed. Attempting to create/modify any of these objects returns errors.|
|Table DML||No data can be added or modified in tables (i.e. all DML commands are disallowed).|
|Data Loading||No new/additional data can be loaded/imported into Snowflake.|
Who Creates a Read-only Account?¶
The provider of a read-only account does not perform the actual account creation; instead, the provider sends a link to the consumer who creates the account.
If you have been invited by a provider to create a read-only account, simply follow the instructions in the link. Once the account has been created, you will serve as the read-only administrator for the account, performing administrative tasks, such as creating additional users in the account and granting them roles to use Snowflake. For more information, see Who is the Read-only Administrator and What is Their Role? (in this topic).
Are There Costs Associated with a Read-only Account?¶
For consumers, there are typically no costs for creating and using a read-only account. The costs are covered by the provider, including the credit charges for using virtual warehouses to execute queries on the data shared with the account; however, a provider may decide to pass on some of these costs to the consumer. Also, the provider may place a limit on the number of credits a read-only account can consume each month.
If you are a shared data consumer, please contact your provider directly to determine whether there are any costs associated with your read-only account.
Who is the Read-only Administrator and What is Their Role?¶
The read-only administrator is the user who initially creates the account. This user is automatically assigned the READONLYADMIN role, which serves the same purpose as the system-defined ACCOUNTADMIN role (in a regular Snowflake account), but with the appropriate privileges for a read-only account.
A read-only administrator can perform all tasks in the account, including managing the following account-level objects in the system:
|Users||Create additional users in the account, as well as manage the users you create (e.g. reset passwords if forgotten).|
|Roles||All users created in the system are automatically assigned the system-defined PUBLIC role. Additionally, you can choose to create additional roles and grant them query privileges on specific shared objects (schemas, tables, and secure views). Then, these roles can be granted to users to give them selective query privileges.|
|Warehouses||Create and manage virtual warehouses (required for executing queries). You can also grant warehouse creation and monitoring privileges to other roles so that users can perform these tasks themselves.|
READONLYADMIN and PUBLIC are the only system-defined roles in a read-only account:
- Similar to other system-defined roles, READONLYADMIN and PUBLIC cannot be modified in any way.
- Contrary to other system-defined roles, READONLYADMIN is non-transferable (i.e. it cannot be granted to any other users). As such, each read-only account has a single read-only administrator.
How Do Users Access a Read-only Account?¶
All account users access Snowflake through either the web interface or any of the Snowflake-provided clients:
In the web interface, you can:
In addition, the read-only administrator can perform administrative tasks in the interface (as described in the previous section in this topic).
The Snowflake clients allow users to connect to Snowflake and perform most of the tasks that can be performed in the web interface. You can install and use any of the provided clients; however, we recommend starting with the following:
Who Provides Support for a Read-only Account?¶
Because a read-only account does not have a licensing agreement with Snowflake, standard support services are not available to account users. Instead, the provider of the account serves as the support contact:
Please contact your data provider if you encounter any issues or have any questions related to using Snowflake, including connecting to the service, creating users, starting and stopping virtual warehouses, and querying shared data.
You field questions and requests from read-only account users and provide responses as appropriate. If you are unable to directly resolve their issues or answer their questions, you can open a Snowflake Support ticket through the normal channels, as outlined in your support agreement.
Once a response has been provided by Snowflake Support, you then communicate the information back to the appropriate users in the read-only account.
Can a Read-only Account be Converted to a Regular Account?¶
Yes. If you are a data consumer and decide you would like to continue using the data shared by the provider, but with access to the full capabilities of Snowflake, your read-only account can be converted to a regular customer account, at which time you will assume ownership and responsibility for the account.
For more information about the standard Snowflake features in a regular account, see Overview of Key Features.