Snowflake Copilot — Everything about Availability, Security and Controls

Snowflake Wiki
Aug 10, 2024


Snowflake Copilot is powered by a model fine-tuned by Snowflake that runs securely inside Snowflake Cortex, Snowflake’s intelligent, fully managed AI service.

This approach means that your enterprise data and metadata always stay securely inside Snowflake. Snowflake Copilot also fully respects RBAC and provides suggestions based only on the datasets that you can access.

Snowflake Copilot is ready to use with no additional setup beyond ensuring that your database and schema are selected in your worksheet or notebook. The feature is available only to accounts in a few regions; for the current list, always refer to the Snowflake documentation.

Organizations that want to opt out of Snowflake Copilot can do so by contacting Snowflake Support or their Snowflake account representative.

Snowflake Copilot is enabled by default for the ACCOUNTADMIN role. To give other roles access, grant the SNOWFLAKE.COPILOT_USER database role to them using the ACCOUNTADMIN role.

Let's grant Snowflake Copilot access to all users!

USE ROLE ACCOUNTADMIN;

GRANT DATABASE ROLE SNOWFLAKE.COPILOT_USER TO ROLE PUBLIC;
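
A narrower alternative to the PUBLIC grant above, for accounts where only some users should have Copilot. This is an added example, not code from the original post; the role name COPILOT_ANALYST and the user name JDOE are hypothetical.

```sql
-- Added example: grant Copilot to one custom role instead of PUBLIC.
-- COPILOT_ANALYST and JDOE are hypothetical names; substitute your own.
USE ROLE ACCOUNTADMIN;

-- If the PUBLIC grant shown above was already run, undo it first.
REVOKE DATABASE ROLE SNOWFLAKE.COPILOT_USER FROM ROLE PUBLIC;

-- Create a dedicated role and give it the Copilot database role.
CREATE ROLE IF NOT EXISTS COPILOT_ANALYST;
GRANT DATABASE ROLE SNOWFLAKE.COPILOT_USER TO ROLE COPILOT_ANALYST;

-- Users receive Copilot access through this role
-- (ACCOUNTADMIN keeps its default access).
GRANT ROLE COPILOT_ANALYST TO USER JDOE;

-- Audit: list every role that currently holds the Copilot database role.
SHOW GRANTS OF DATABASE ROLE SNOWFLAKE.COPILOT_USER;

-- Audit: list the users and roles that hold the custom role.
SHOW GRANTS OF ROLE COPILOT_ANALYST;
```

If PUBLIC still appears in the first SHOW GRANTS result, every user in the account has Copilot regardless of the custom role.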

Snowflake Copilot fully respects Role-Based Access Control (RBAC) and provides suggestions based only on the datasets that the user can access, ensuring that proprietary information is not disclosed inappropriately.

For demonstration, let's use the data preparation content available here — https://medium.com/@snowflakewiki/snowflake-data-governance-ensure-secure-and-granular-access-with-snowflake-policies-96cc3439360e

With the PUBLIC role, observe that Copilot does not have access to the dataset, while with the SUPER_ACCESS role Copilot gives information related to the dataset.

Copilot honours data access and privacy policies, and its suggestions are data sensitive, determining whether the generated query is executable or not.

Let's look for the phone number of the customer with the maximum spend.

After applying Dynamic Data Masking, with the GLOBAL_ACCESS role Copilot gives a valid query, and on running it the result set is partially masked.

After applying the Projection Policy, with the SUPER_ACCESS role Copilot gives a valid query, and on running it the result set gives the actual value.

After applying the Projection Policy, with the GLOBAL_ACCESS role Copilot gives a query and specifies that it is not executable. If we try running the query generated from the previous prompt, we get a policy violation error.

Organizations can benefit immensely by leveraging Snowflake Copilot for various use cases and one such use case has been demonstrated here — https://medium.com/snowflake/snowflake-copilot-leveraging-for-account-admin-dashboard-queries-2859a8b7ddac

Because Snowflake Copilot runs securely inside Snowflake Cortex, your enterprise data and metadata always stay securely inside Snowflake, so everyone should make use of it without doubt.

Note — I presented the gist of this during the Snowflake India Community Meetup — Summit Recap, held on 10 Aug 2024.

References: https://docs.snowflake.com/en/user-guide/snowflake-copilot

Snowflake Wiki

Snowflake Basics | Features | New releases | Tricks & Tips | SnowPro Certifications | Solutions | Knowledge Sharing | ~~~ By satitiru (Snowflake DataSuperHero)