If you use Snowflake masking policies, Spyglass can surface this information to users.

On the role details page, the "Sensitive Role" tag indicates which tables or views the role has elevated privileges for.

How it works

Under the hood, Spyglass analyzes your masking policies and uses that information to determine which roles might be considered sensitive. In the following example, the ANALYST role would be considered sensitive, since it displays unmasked data.

CASE
  WHEN current_role() IN ('ANALYST') THEN val
  ELSE '********'
END;