Collaboration Data Clean Room 中的协作者角色

协作角色概述

Collaborators have one or more of the following collaboration roles in a clean room collaboration scenario. In this case, a collaboration role is a set of capabilities, not an RBAC role:

  • Owner: The owner defines, creates, and owns the collaboration, and defines which collaborators are invited and their collaboration roles. An owner isn’t automatically an analysis runner or a data provider, and doesn’t have any elevated run privileges. The owner’s main abilities are to create the clean room, assign collaboration roles, determine who can share data with whom, and tear down the clean room. A collaboration can have only one owner.
  • Data provider: Provides data offerings, such as tables and views, to a collaboration, and specifies which analysis runners can use them. That is, account A is a data provider to accounts B and C, as specified in the collaboration specification.
  • Analysis runner: Runs permitted templates on permitted data offerings, as specified by the collaboration specification. An analysis runner isn’t a data provider to themselves by default, unless specified in the collaboration specification.

一个协作者可以在一个协作中拥有多个协作角色,多个协作者可以在拥有相同的协作角色(所有者协作角色除外,该角色仅分配给一个用户)。例如,协作的所有者也可以是数据提供商和分析运行者。

所有者在创建协作时指定所有协作者及其协作角色。创建协作后,将无法更改协作者及其协作角色。因此,创建协作后,以下协作角色分配是固定的:

  • 无法更改所有者。
  • 无法添加或移除分析运行者。
  • The list of data providers for each analysis runner can’t be changed. If account A isn’t defined as a data provider for account B when the collaboration is created, account A can never be a data provider for account B.

However, collaborators can link or remove resources after a collaboration is created.

查看您的角色

Call GET_STATUS to see your roles in a collaboration in the ROLES column:

CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.COLLABORATION.GET_STATUS($collaboration_name);

如果您想查看有关自身角色的更多详细信息,例如,如果您是数据提供商并希望了解可以与谁共享数据,则必须检查规范。以下是加入协作后,如何在单次调用中查看协作规范:

CALL SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.COLLABORATION.VIEW_COLLABORATIONS() ->>
  SELECT "COLLABORATION_SPEC" FROM $1
    WHERE "SOURCE_NAME" = $collaboration_name;

示例

以下示例显示了一个非常基本的协作,它定义了协作角色,但未定义任何资源。您可以创建带资源或不带资源的协作,并可以之后添加或移除资源。

api_version: 2.0.0
spec_type: collaboration
name: basic_collaboration
owner: alice
collaborator_identifier_aliases:
  alice: corp1.acct123
  bob: corp2.acctxyz
analysis_runners:
  alice:
    data_providers:
      alice:
        data_offerings: []
      bob:
        data_offerings: []
  bob:
    data_providers:
      alice:
        data_offerings: []

之前的协作定义了以下协作者和协作角色:

  • alice is the collaboration owner, an analysis runner, and a data provider for bob and herself. alice is the alias defined in the collaboration for account corp1.acct123.
  • bob is an analysis runner, and a data provider for alice but not for himself. bob is the alias defined in the collaboration for account corp2.acctxyz.

创建协作后,无法修改这些协作角色,也无法添加新的协作者。

数据提供商可以在创建协作后链接数据产品。创建协作后,任何协作者都可以请求添加模板。以下示例展示了如何使用协作 API,将资源链接至之前创建的协作:

api_version: 2.0.0
spec_type: collaboration
name: basic_collaboration
owner: alice
collaborator_identifier_aliases:
  alice: corp1.acct123
  bob: corp2.acctxyz
analysis_runners:
  alice:
    data_providers:
      alice:
        data_offerings:
        - id: alice_data_1
        - id: alice_data_2
      bob:
        data_offerings:
        - id: bob_data_1
    templates:
    - id: template1  # Alice can run template1 using alice_data_1, alice_data_2, or bob_data_1.
  bob:
    data_providers:
      alice:
        data_offerings:
        - id: alice_data_1
    templates:
    - id: template2  # Bob can run template2 using data from alice_data_1, provided by alice.

修改后的协作现在支持以下资源和功能:

  • alice can run analyses using template1 with data from alice_data_1, alice_data_2, and bob_data_1.
  • bob can run template2 using data from alice_data_1.