Snowflake Role Explosion: As organizations scale their Snowflake environments across multiple dimensions (users, regions, data sensitivity, and projects), relying purely on native Role-Based Access Control (RBAC) and custom views creates an unmanageable administrative and security burden.
Key Symptoms:
Combinatorial Growth: A simple access matrix—such as 5 personas × 3 regions × 3 sensitivity levels × 2 environments—quickly generates nearly 100 separate, highly specific roles (e.g., ANALYST_US_PII_MASKED).
Opaque Logic: Business intent is hidden within confusing naming conventions and complex view logic rather than being driven by explicit, readable policies.
Operational Paralysis: Administrators avoid deleting old roles for fear of breaking downstream pipelines, which makes the principle of least privilege impossible to enforce.
Accelerating Technical Debt: To keep moving fast, teams layer on even more custom, one-off roles and views just to ship new projects, which deepens the sprawl.
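One way to put evidence behind the "afraid to delete old roles" symptom is to inventory which roles still have grantees and recent activity. The query below is an added example, not part of the original page; it assumes read access to the SNOWFLAKE.ACCOUNT_USAGE views, and the 90-day window and status labels are illustrative choices.

```sql
-- Added example: classify active roles by who holds them and whether
-- they were recently used. Window and labels are assumptions.
WITH active_roles AS (
    SELECT name AS role_name, owner, created_on
    FROM snowflake.account_usage.roles
    WHERE deleted_on IS NULL
),
user_grantees AS (        -- users that currently hold each role
    SELECT role AS role_name,
           COUNT(DISTINCT grantee_name) AS user_count
    FROM snowflake.account_usage.grants_to_users
    WHERE deleted_on IS NULL
    GROUP BY role
),
role_grantees AS (        -- parent roles that inherit each role
    SELECT name AS role_name,
           COUNT(DISTINCT grantee_name) AS parent_role_count
    FROM snowflake.account_usage.grants_to_roles
    WHERE deleted_on IS NULL
      AND granted_on = 'ROLE'
      AND privilege  = 'USAGE'
    GROUP BY name
),
last_used AS (            -- last query run with the role as primary role
    SELECT role_name, MAX(start_time) AS last_query_at
    FROM snowflake.account_usage.query_history
    WHERE start_time >= DATEADD(day, -90, CURRENT_TIMESTAMP())
    GROUP BY role_name
)
SELECT r.role_name,
       r.owner,
       r.created_on,
       COALESCE(u.user_count, 0)        AS user_count,
       COALESCE(p.parent_role_count, 0) AS parent_role_count,
       l.last_query_at,
       CASE
           WHEN COALESCE(u.user_count, 0) = 0
            AND COALESCE(p.parent_role_count, 0) = 0 THEN 'ORPHANED'
           WHEN l.last_query_at IS NULL             THEN 'NO_DIRECT_USE_90D'
           ELSE 'IN_USE'
       END AS status
FROM active_roles r
LEFT JOIN user_grantees u ON u.role_name = r.role_name
LEFT JOIN role_grantees p ON p.role_name = r.role_name
LEFT JOIN last_used     l ON l.role_name = r.role_name
ORDER BY status, r.role_name;
```

Treat NO_DIRECT_USE_90D as a review candidate rather than proof of disuse: QUERY_HISTORY records only the primary role of a session, so a role exercised through a parent role will not appear there, and ACCOUNT_USAGE views lag behind real time.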
In short: Standard RBAC breaks down at enterprise scale, demanding a structural shift away from manually hand-crafting endless role permutations and toward centralized, automated policy management.
How to fix it?