Week 116 - Security & Governance

Your company, ElfCrypt Solutions, recently received an email from Snowflake announcing the upcoming enforcement of Multi-Factor Authentication (MFA) by default for all new accounts, as part of the BCR Bundle 2024_08. This update aims to strengthen security, particularly for human users (TYPE=PERSON) logging in with Snowflake's built-in password authentication.

In light of this change, ElfCrypt Solutions has decided to proactively implement a custom authentication policy that enforces MFA for sensitive users and the entire account. As the Snowflake Security Administrator, you’ll apply these security configurations and delegate policy management responsibilities to another team role.

Challenge steps:

  • Define the Custom Authentication Policy: Create an MFA-enforced authentication policy called 'enhanced_auth_policy'.
  • Apply the Policy Across the Account: Set enhanced_auth_policy as the default authentication policy for the entire Snowflake account to require MFA for all users.
  • Enforce the Policy for a Sensitive User: Assign enhanced_auth_policy to a specific user, Alicia, who requires stricter security controls.
  • Create a Policy Management Role: Set up a role named policy_manager and grant it the APPLY AUTHENTICATION POLICY privilege, so team members can manage authentication policies without full security access.
  • Verify the Policy Manager Role: Use the policy_manager role to apply enhanced_auth_policy to another sensitive user, Marco, to confirm that the role permissions are working as intended.
  • Optional Reset: Remove enhanced_auth_policy from Alice and Bob if needed, and delete the policy from the account to restore default settings.
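
One way to work through the steps above in Snowflake SQL. This is an added example, not part of the original challenge text; the security_db.policies schema and the use of ACCOUNTADMIN for setup are assumptions, and the users alicia and marco are assumed to already exist.

```sql
-- Added example. Assumed: schema security_db.policies holds the policy,
-- setup runs as ACCOUNTADMIN, users alicia and marco already exist.
USE ROLE ACCOUNTADMIN;
CREATE DATABASE IF NOT EXISTS security_db;
CREATE SCHEMA IF NOT EXISTS security_db.policies;

-- 1. Define the policy. AUTHENTICATION_METHODS is left at its default (ALL)
--    so SSO and key-pair logins are not blocked once this is account-wide.
CREATE AUTHENTICATION POLICY IF NOT EXISTS security_db.policies.enhanced_auth_policy
  MFA_ENROLLMENT = REQUIRED
  COMMENT = 'Mandatory MFA enrollment';

-- 2. Account-wide default. Confirm at least one administrator has MFA
--    enrolled before running this, to avoid locking admins out.
ALTER ACCOUNT SET AUTHENTICATION POLICY security_db.policies.enhanced_auth_policy;

-- 3. Explicit assignment for the sensitive user (a user-level policy
--    takes precedence over the account-level one).
ALTER USER alicia SET AUTHENTICATION POLICY security_db.policies.enhanced_auth_policy;

-- 4. Delegated role: may attach policies, but cannot create or alter them.
CREATE ROLE IF NOT EXISTS policy_manager;
GRANT ROLE policy_manager TO ROLE ACCOUNTADMIN;  -- lets the admin switch to it below
GRANT USAGE ON DATABASE security_db TO ROLE policy_manager;
GRANT USAGE ON SCHEMA security_db.policies TO ROLE policy_manager;
GRANT APPLY AUTHENTICATION POLICY ON ACCOUNT TO ROLE policy_manager;
GRANT APPLY ON AUTHENTICATION POLICY security_db.policies.enhanced_auth_policy
  TO ROLE policy_manager;

-- 5. Verify the delegation by applying the policy as policy_manager.
USE ROLE policy_manager;
ALTER USER marco SET AUTHENTICATION POLICY security_db.policies.enhanced_auth_policy;

-- List every object (account and users) the policy is attached to.
USE ROLE ACCOUNTADMIN;
SELECT *
FROM TABLE(security_db.INFORMATION_SCHEMA.POLICY_REFERENCES(
  POLICY_NAME => 'security_db.policies.enhanced_auth_policy'));

-- 6. Optional reset. The policy must be detached everywhere before DROP.
--    The users below are the ones this example attached it to.
-- ALTER USER alicia UNSET AUTHENTICATION POLICY;
-- ALTER USER marco UNSET AUTHENTICATION POLICY;
-- ALTER ACCOUNT UNSET AUTHENTICATION POLICY;
-- DROP AUTHENTICATION POLICY security_db.policies.enhanced_auth_policy;
```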

Take on this challenge to be the Celebrimbor of custom authentication policies in Snowflake—secure your data, empower your team, and become the go-to expert in Snowflake security.
