Monitors and alerts — ACCOUNTADMIN user changes

Spyglass now monitors when role ACCOUNTADMIN is granted or revoked from users. When this change is detected, Spyglass admins receive a notification, and can view the open alerts on the issue details page.

Options are available to acknowledge the alert: mark the change as intended and acceptable; or dismiss it: ignore this incident, and similar future incidents.

Access requests — Role recommendations

Upon new access request creation, Spyglass looks at the access request title and description to determine if any tables or views have been requested. Spyglass attempts to find those tables and returns the top-level roles that grant access to all the objects mentioned.

"Top-level roles" are roles that exist at the top of the role hierarchy that should be granted to users. In other words, Spyglass tries not to recommend any intermediate or lower level roles.

Recommendations — Sensitive access history

Spyglass now identifies elevated users and roles that may have directly accessed sensitive data within the last 90 days.

"Sensitive data" means any tables or views that are secured by one or more masking policies.

User experience

• SQL code blocks across the app now have syntax highlighting!

• Added an access request timeline to the main listing page to give users a high level overview of recent changes.