Snowflake Data Clean Room 术语表¶

Get to know these terms as they are used in Snowflake Data Clean Rooms. Some terms are used differently here than in the rest of Snowflake.

启动/激活

Exporting the results table of a query out of the clean room, either to a collaborator or to a third party. If allowed by the other party and the clean room settings, you can export query results to your own account or to an approved third-party partner, such as Google Ads or Meta Ads Manager.

Analysis runner

A collaboration role that allows a collaborator to run templates and view results in a collaboration. An analysis runner can use data offerings shared with them by data providers.

Code bundle

A registered package of one or more custom Python functions or procedures that can be called by a template. Code bundles are defined using a YAML specification and registered by calling REGISTRY.REGISTER_CODE_SPEC. A template references a code bundle by its ID, and the template calls functions using the syntax cleanroom.code_spec_name$function_name.

Collaboration

A secure multi-party data sharing environment. A collaboration is defined by a YAML specification that lists the collaborators, their collaboration roles, and all resources (templates, data offerings, and so on) available in the collaboration. The collaboration owner creates the collaboration by calling INITIALIZE, and other collaborators join by calling JOIN.

Collaboration owner

A collaboration role assigned to the collaborator who creates a collaboration by calling INITIALIZE. The owner defines the collaboration spec, including the list of collaborators, their roles, and the initial set of resources. Owners can't act as analysis runners or data providers by default unless the collaboration specification grants them those roles explicitly.

Collaboration role

A role that describes the set of actions that a user can perform in a given collaboration. One user can have many collaboration roles in a collaboration. Roles include owner, data provider, and analysis runner. Not the same as an RBAC role. Learn more about roles at Collaboration Data Clean Room 中的协作者角色.

协作者

Any participant in a collaboration. Each collaborator is identified by an alias and has one or more collaboration roles (owner, data provider, analysis runner).

列策略

Specified by a collaborator to indicate which of their data columns can be projected by other collaborators. A clean room column policy is determined entirely within a clean room, and isn't derived from any Snowflake policies that might be applied to the source table outside of the clean room. Learn more about column policies.

Data offering

A package of one or more datasets that a data provider shares with specific analysis runners in a collaboration. Each dataset represents one source table or view owned by the data provider. A data offering is a live view of the data, not a snapshot, so any changes to the source data are reflected in the collaboration. Data offerings are registered in a registry and then linked into a collaboration.

Data provider

A collaboration role that allows a collaborator to share data offerings with specific analysis runners in a collaboration. A data provider registers and links data offerings into the collaboration for other collaborators to use.

数据集

A secure view of a single source table or view from a data provider. A data offering consists of one or more datasets. The data offering specification defines which columns to expose, what policies to apply, and whether the data can be queried by template only or also by free-form SQL for each dataset.

DCR privilege

A conceptual permission string used to grant access to specific Collaboration API procedures to a role. DCR privileges can be granted for individual objects or more general actions. DCR privileges include READ, CREATE COLLABORATION, and JOIN COLLABORATION. These privilege strings are passed into GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE and GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE. To learn more, see 管理对协作、资源和数据的访问.

Free-form SQL

A mode of data access where an analysis runner can run arbitrary SQL queries directly against a data provider's dataset, without using a template. The data provider enables this by setting allowed_analyses: template_and_freeform_sql in their data offering specification. Snowflake policies defined in the freeform_sql_policies section of the data offering are enforced on these queries. See 自由格式 SQL 查询.

差分隐私

一种算法和数学系统，通过向数值结果中添加噪声并要求在查询中进行分组，从而为数据集中的单个行或实体增加保护，以防止确切值与数据中的确切行或实体相关联。

联接策略

A policy set by a clean room collaborator that specifies which of their columns can be joined on in queries in that clean room. A clean room join policy is entirely independent of Snowflake join policies. Learn more about join policies.

链接

Importing a resource into a collaboration. See 资源.

Local data offering

Local data offerings let standard edition accounts use their own tables in a collaboration. These offerings are not visible to any other collaborator, and template policies are not enforced. See 使用 Standard Edition 时，使用自己的数据运行分析.

链接

将受保护的数据视图导入 Clean Room。提供商和使用者可以将自己的数据链接到 Clean Room，以便对该 Clean Room 支持的任何查询提供数据。链接表或视图意味着在 Clean Room 内创建源数据的副本（视图），并与 Clean Room 外的源表或视图动态链接。

Registry

An account-level container that stores resources such as templates, data offerings, and code bundles. You must register a resource in a registry before you can link it to a collaboration. Each account has a default registry that all users can access, and you can create custom registries to group and manage access to resources. Custom registries are private to the creator until access is explicitly granted to other roles. Learn more at 注册表.

Resource

A reusable component that can be registered in a registry and linked into a collaboration. Resources include templates, data offerings, and code bundles. Each resource is defined by a YAML specification, has a name and version, and is registered by calling the appropriate REGISTRY procedure. Resources can be linked into a collaboration at creation time or added later.

SCO

Secure Collaboration Orchestrator. A Snowflake-managed account that manages a collaboration behind the scenes. The SCO creates an individual app package per collaboration, shares data with collaborators according to the collaboration definition, and enforces collaboration policies such as who can access which data using which templates. Costs associated with the SCO aren't charged to users.

安全视图

When you link a table or view into the clean room, a secure view is created. This is an encrypted view based on the source table or view outside the clean room. The secure view is generally invisible to you, but might sometimes appear in an error message or when you are browsing the database objects using various tools, where you will see some name mangling of the original linked dataset. Unless directed otherwise, always refer to your data using the dataset name, which is identical to the linked source table or view.

Spec / specification / definition

A YAML document that defines a collaboration resource. Each resource type has its own specification schema, including collaboration specifications, data offering specifications, template specifications, analysis request specifications, and code bundle specifications. Specifications are passed to API procedures such as INITIALIZE, REGISTER_DATA_OFFERING, and REGISTER_TEMPLATE. See the schema reference for details.

模板

Each clean room has one or more templates, which are SQL queries written in JinjaSQL, provided by collaborators. The template provider specifies which analysis runners can use their templates. Depending on how they are written, a template can either be an analysis template, which returns results immediately, or an activation template, which saves results into the Snowflake account of the designated collaborator.