Understanding Snowflake Objects

Key concepts for understanding the Protegrity Serverless for Snowflake solution.

1 - External Functions

Call out to a process external to Snowflake through a REST API.

External Functions

Snowflake provides an External Function capability that calls out to a process external to Snowflake through a TLS-encrypted REST request. In the Protegrity Serverless for Snowflake solution, this external service is the Protegrity Endpoint for data re-identification operations.

Security Operation Parameters

The following table describes optional and required security operation parameters.

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| op_type | String | "op_type":"UNPROTECT" or "op_type":"PROTECT" | Required operation name, can be either UNPROTECT or PROTECT. |
| data_element | String | "data_element":"TOK_ALPHA" | Required data element name defined in the Protegrity Security Policy. |
| external_iv | String | "external_iv":"abc-123" | Optional external initialization vector, which allows for different tokenized results for the same input data and data element of the same security policy. Refer to the External Initialization Vector (IV) in the Protection Methods Reference for more details. |

External Function Sample Definition with External IV:

CREATE SECURE EXTERNAL FUNCTION PTY_PROTECT_ALPHA ( val varchar )
  RETURNS varchar
  NULL
  IMMUTABLE
  COMMENT = 'Protects using an ALPHA data element using External IV'
  API_INTEGRATION = REPLACE_WITH_YOUR_API_INTEGRATION_ID
  HEADERS = (
    'X-Protegrity-HCoP-Rules'=
    '{"jsonpaths":[{"op_type":"PROTECT","data_element":"TOK_ALPHA","external_iv":"abc-123"}]}'
  )
  CONTEXT_HEADERS = ( current_user, current_timestamp, current_account )
  AS '<AWS API GATEWAY URL>/SF_CUSTOMER';
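The rules header in the definition above is a JSON string embedded in SQL, so a typo in it only surfaces when the function is called. The following is an added example, not part of the Protegrity documentation or product: a pre-deployment check of an `X-Protegrity-HCoP-Rules` value against the parameter table. The function name `check_rules_header`, exact-case matching of `op_type`, and the treatment of keys outside the table as findings are assumptions.

```python
import json

ALLOWED_OPS = {"PROTECT", "UNPROTECT"}                   # op_type values from the table
KNOWN_KEYS = {"op_type", "data_element", "external_iv"}  # parameters the table lists
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"


def check_rules_header(value):
    """Return a list of problems found in an X-Protegrity-HCoP-Rules value."""
    try:
        doc = json.loads(value)
    except json.JSONDecodeError as exc:
        # Quotes copied from rendered documentation are often typographic.
        if any(q in value for q in CURLY_QUOTES):
            return ["typographic quotes found; JSON needs straight double quotes"]
        return [f"not valid JSON: {exc.msg}"]
    rules = doc.get("jsonpaths") if isinstance(doc, dict) else None
    if not isinstance(rules, list) or not rules:
        return ['expected an object with a non-empty "jsonpaths" array']
    problems = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append(f"rule {i}: not a JSON object")
            continue
        op = rule.get("op_type")
        # Assumption: op_type must match the table's spelling exactly.
        if not isinstance(op, str) or op not in ALLOWED_OPS:
            problems.append(f"rule {i}: op_type must be PROTECT or UNPROTECT")
        name = rule.get("data_element")
        if not isinstance(name, str) or not name:
            problems.append(f"rule {i}: data_element is required")
        if "external_iv" in rule and not isinstance(rule["external_iv"], str):
            problems.append(f"rule {i}: external_iv must be a string")
        for key in sorted(set(rule) - KNOWN_KEYS):
            problems.append(f"rule {i}: {key!r} is not in the parameter table")
    return problems


# GOOD is the header value from the sample definition; the others are constructed.
GOOD = '{"jsonpaths":[{"op_type":"PROTECT","data_element":"TOK_ALPHA","external_iv":"abc-123"}]}'
MISSPELLED = '{"jsonpaths":[{"op_type":"DECRYPT","extrenal_iv":"abc-123"}]}'
CURLY = '{\u201cjsonpaths\u201d:[{\u201cop_type\u201d:\u201cPROTECT\u201d}]}'

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("misspelled", MISSPELLED), ("curly", CURLY)):
        print(label, check_rules_header(sample) or "ok")
```

A misspelled optional key such as `extrenal_iv` is the case worth catching early, because the header still parses as JSON.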
                            

2 - Snowflake Masking Policies

Optimize REST requests to the Protegrity endpoint.

Masking Policies in the Sample Application are used to optimize REST requests to the Protegrity endpoint and to prevent integration of External Functions into queries.