Access requests

Access requests enable you to scale how access is requested, reviewed, and approved at your organization so that you can scale your team in a secure, auditable, and compliant way.

Requesting access

Your users can initiate an access request on the "Access requests" page, as well as any object page within the Explorer. Users provide a description of their access request and a duration for how long they need access.

Access requests via API

Your application or third-party integration may also initiate access requests. Information on setting up API access can be found in Spyglass settings. Note that a human is still required to approve requests.

curl \
  -H 'Authorization: Bearer <access token>' \
  -H 'content-type: application/json' \
  -d '{"reason": "Testing access request creation via API.", "email": ""}'

Approving access

Approval occurs according to your predefined approval policies. By default, your Spyglass admins are the only users able to approve access requests. Additional approvers may be added to any request, depending on what business functions are in scope.

Approval policies describe who can approve requests under what conditions. For custom approval policies, reach out to your account rep to discuss your needs.

Approval request status

As an approval request is updated, it will have one of a many states:

  1. Open. This access request is open and pending review.

  2. Closed. This access request has been closed and not accepted.

  3. Approved. The request has been approved and needs to be merged.

  4. Merged. This access request has been merged and access grants are being applied to Snowflake.

  5. Applied. The access request has been merged and all access grants have been applied to Snowflake.

Last updated