Omnata Product Documentation

Security and Privacy

Last updated 7 months ago

Omnata Sync is delivered as a Snowflake Native Application.

This means that each customer has a dedicated instance of the application, running within the controlled boundary of their Snowflake account. You can read an overview of the security advantages that the Native Applications Framework offers here.

Installation

The Omnata Sync Engine is installed by a user with the Snowflake ACCOUNTADMIN role, from the Snowflake Marketplace. This creates a special type of database in your Snowflake account, known as an "application". It contains all of the application code required to configure, schedule and observe data sync tasks.

In addition to this, plugin applications are installed from the Marketplace, which contain the application code that communicates with a particular application. The Sync Engine uses these plugins to read data from and/or write data to the application.

In both cases, these applications start with no privileges to access any tables or other objects within the Snowflake account. Privileges are granted as part of the configuration process. For example, if you wanted to sync a Leads table to Salesforce, you would first grant select privileges on it to the Sync Engine application.

Installing an application does not give the application provider (Omnata) any access into your Snowflake account.

After a consumer installs an application in their account, Omnata is made aware via records in the shared LISTING_EVENTS_DAILY table. This provides us with contact details of the person who installed the app, and we will send an automated welcome email. Note that this process does not provide us with any access to your Snowflake account; it is simply a feed of admin contact information.

Configuration

Omnata Sync includes an administration User Interface built with Streamlit, and this runs on a warehouse chosen by the end user.

Network access

In order to sync data with external systems, three features are used by the Sync Engine:

  • Network rules are used to permit communication with specific domains

  • Secrets are used to securely store credentials within the Snowflake account

  • External access integrations are used to tie network rules and secrets together and collectively permit API calls to be made to applications. External Access Integrations require the ACCOUNTADMIN role to configure, and cannot be directly created by the application.
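
The following sketch shows how the three objects fit together and how an administrator can review what the application has been given. It is an added example, not taken from Omnata's documentation or code: the database, schema, object names, domain and token are hypothetical, and granting to OMNATA_SYNC_ENGINE is an assumption about which application receives the grants.

```sql
-- Added example: object names, the domain and the secret value are hypothetical.
USE ROLE ACCOUNTADMIN;  -- the page states external access integrations need this role

-- 1. Network rule: egress is permitted only to the listed host and port.
CREATE OR REPLACE NETWORK RULE security_db.integrations.example_api_rule
  MODE = EGRESS
  TYPE = HOST_PORT
  VALUE_LIST = ('api.example.com:443');

-- 2. Secret: the credential is stored in the account, not in code or config.
CREATE OR REPLACE SECRET security_db.integrations.example_api_token
  TYPE = GENERIC_STRING
  SECRET_STRING = '<api-token-placeholder>';

-- 3. External access integration: binds the rule and the secret together.
--    Anything not listed here is unreachable through this integration.
CREATE OR REPLACE EXTERNAL ACCESS INTEGRATION example_api_access
  ALLOWED_NETWORK_RULES = (security_db.integrations.example_api_rule)
  ALLOWED_AUTHENTICATION_SECRETS = (security_db.integrations.example_api_token)
  ENABLED = TRUE;

-- 4. Explicit grants to the application (assumed grantee). The application
--    starts with no privileges, so each of these is a deliberate decision.
GRANT USAGE ON DATABASE security_db TO APPLICATION OMNATA_SYNC_ENGINE;
GRANT USAGE ON SCHEMA security_db.integrations TO APPLICATION OMNATA_SYNC_ENGINE;
GRANT READ ON SECRET security_db.integrations.example_api_token
  TO APPLICATION OMNATA_SYNC_ENGINE;
GRANT USAGE ON INTEGRATION example_api_access TO APPLICATION OMNATA_SYNC_ENGINE;

-- 5. Periodic review: confirm the allowed rules and secrets, then list every
--    privilege the application currently holds in the account.
DESCRIBE INTEGRATION example_api_access;
SHOW GRANTS TO APPLICATION OMNATA_SYNC_ENGINE;
```

Any entry in the SHOW GRANTS output that does not correspond to a configured sync or connection is a candidate for REVOKE.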

Data Storage

All configuration data, sync run history and record data are stored as Snowflake tables inside the native application instance. Omnata do not have access to this information.

These tables are equivalent to any other regular table in the customer's Snowflake account in terms of how data is encrypted and secured.

To grant permission for a Snowflake role to access this data, run the following SQL statement:

grant application role OMNATA_SYNC_ENGINE.OMNATA_ADMINISTRATOR 
to role MY_ROLE;

Support

Omnata requires error events to be shared upon installation of the app. These events do not contain any customer data, user telemetry or debug data.

Omnata's application code logs messages and trace events to the local event table (automatically created). The customer can query these logs to see error messages logged by background processes, as well as other debugging information.

In order to diagnose the cause of problems, Omnata may ask the consumer to enable the sharing of lower level events for debugging. This is optional and can be revoked at any time.

Application Upgrades

Omnata can deploy new versions of the Sync Engine and plugins by publishing new versions and assigning them to accounts via release directives. Again, this does not give us any form of access into the consumer's account. The upgrade process is managed by Snowflake; we only have visibility of whether or not the upgrade process succeeded, and any error messages.

Architecture diagram

Download this security overview as a PDF

Omnata Sync - Security whitepaper (Sep 2024).pdf (386KB)