https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/Recent content in Snowflake onHugoenhttps://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/overview/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/overview/<ol id="toc"></ol> <script> // JavaScript to generate the table of contents from H2 headings document.addEventListener("DOMContentLoaded", function () { //get all h2 headings within the 'main' element and generate a toc with links to them //excluding h2 heading 'Feedback' if it exists const toc = document.getElementById("toc"); const headings = document.querySelectorAll("main h2"); headings.forEach(heading => { if (heading.textContent === "Feedback") { return; // Skip the 'Feedback' heading } const li = document.createElement("li"); const a = document.createElement("a"); const id = heading.textContent.toLowerCase().replace(/\s+/g, '-'); heading.id = id; // Set the id for the heading a.href = `#${id}`; a.textContent = heading.textContent; li.appendChild(a); toc.appendChild(li); }); }); </script> <h2 id="solution-overview">Solution Overview</h2> <p>Snowflake Protector on Azure is a cloud native, serverless product for fine-grained data protection with Snowflake™, a managed Cloud data warehouse. This enables invocation of the Protegrity data protection cryptographic methods from the Snowflake SQL execution context. The benefits of serverless include rapid auto-scaling, performance, low administrative overhead, and reduced infrastructure costs compared to a server-based solution.</p>https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/architecture/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/architecture/<ol id="toc"></ol> <script> // JavaScript to generate the table of contents from H2 headings document.addEventListener("DOMContentLoaded", function () { //get all h2 headings within the 'main' element and generate a toc with links to them //excluding h2 heading 'Feedback' if it exists const toc = document.getElementById("toc"); const headings = document.querySelectorAll("main h2"); headings.forEach(heading => { if (heading.textContent === "Feedback") { return; // Skip the 'Feedback' heading } const li = document.createElement("li"); const a = document.createElement("a"); const id = heading.textContent.toLowerCase().replace(/\s+/g, '-'); heading.id = id; // Set the id for the heading a.href = `#${id}`; a.textContent = heading.textContent; li.appendChild(a); toc.appendChild(li); }); }); </script> <h2 id="deployment-architecture">Deployment Architecture</h2> <p>Protegrity Protector for Snowflake should be deployed in Customer&rsquo;s Cloud account within the same Azure region as the Snowflake cluster. The product incorporates Protegrity&rsquo;s vaultless tokenization engine within an Azure Function App. The encrypted data security policy from an ESA is deployed periodically as a static resources through an Azure blob storage. The policy is decrypted in memory at runtime within the Function App. This architecture allows Protegrity Serverless to be highly available and scale very quickly without direct dependency on any other Protegrity services.</p>https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/no-access-behaviour/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/no-access-behaviour/<h1 id="no-access-behavior">No Access Behavior</h1> <p>The security policy maintains a <strong>No Access Operation</strong>, configured in an ESA, which determines the response for unauthorized unprotect requests.</p> <p><img src="https://docs.protegrity.com/cloud-protect/4.0.0/docs/common/protector/no_access_behaviour_border.png" alt="" title="no access settings"></p> <p>The following table describes the result returned in the response for the various no access unprotect permissions.</p> <table> <thead> <tr> <th>No Access Operation</th> <th>Data Returned</th> </tr> </thead> <tbody> <tr> <td>Null</td> <td>null</td> </tr> <tr> <td>Protected</td> <td>(protected value)</td> </tr> <tr> <td>Exception</td> <td>Query will fail with an exception</td> </tr> </tbody> </table> <div class="alert alert-info" role="alert"> <h4 class="alert-heading">Note</h4> An unauthorized protect will throw an exception. </div>https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/upgrading/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/upgrading/<ol id="toc"></ol> <script> // JavaScript to generate the table of contents from H2 headings document.addEventListener("DOMContentLoaded", function () { //get all h2 headings within the 'main' element and generate a toc with links to them //excluding h2 heading 'Feedback' if it exists const toc = document.getElementById("toc"); const headings = document.querySelectorAll("main h2"); headings.forEach(heading => { if (heading.textContent === "Feedback") { return; // Skip the 'Feedback' heading } const li = document.createElement("li"); const a = document.createElement("a"); const id = heading.textContent.toLowerCase().replace(/\s+/g, '-'); heading.id = id; // Set the id for the heading a.href = `#${id}`; a.textContent = heading.textContent; li.appendChild(a); toc.appendChild(li); }); }); </script> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">Important</h4> <ul> <li>Upgrading the Policy Agent component to version <strong>4</strong> from any previous major version requires a new installation</li> <li>Upgrading the Protector and Log Forwarder component to version <strong>4</strong> from versions &lt;<strong>3.2</strong>, or versions of <strong>3.2</strong> which use shared access key for loading the source, requires a new installation</li> </ul> </div> <p> <h2 id="upload-deployment-artifacts">Upload Deployment Artifacts</h2> <p>You can download the latest version of the deployment package from <a href="https://my.protegrity.com">https://my.protegrity.com</a>. Navigate to <strong>Data Protection</strong> &gt; <strong>Cloud Protect</strong> to download the latest version.</p>https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/known-limitations/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/cloud-protect/4.0.0/docs/azure/snowflake/known-limitations/<ul> <li>FPE is supported only for ASCII values.</li> <li>Only the protect and unprotect operations are supported. The reprotect operation is not currently supported.</li> </ul>