I can’t figure out how the Ontology enforces permissions against the data when objects are backed by virtual tables in Snowflake. Based on the docs, it looks like Foundry’s ability to use Snowflake’s identity and access controls terminates at the data source connection. This leads me to believe I would have to duplicate security policies in Foundry. What I was hoping for is some way to pass authentication headers when the data is read from the virtual table in Foundry applications, such that I don’t need to define duplicate security policies.
Hi @CodeStrap,
Virtual Tables are replicated through the ontology funnel into object storage service v2.
There is no identity federation today.
I think PD is working on granular permission policies on object types (without the need for an intermediary restricted view). This could allow you to rebuild the row level policies that you have in Snowflake and still benefit from the direct VT to Ontology connection.