Illuminate September 2024 Release

Continuous Delivery | Release to Production 5 September 2024
Developer, Security

IP Address Restriction enabled for Snowflake Service Accounts

Coverage: Illuminate Included and Enhanced Reporting Module 
Users impacted: Users with developer role in Illuminate and BBDATA_USER_ROLE in Snowflake
Related Topics: IP address restriction for Snowflake service accounts 

We are committed to data security for all our clients. Now, institutions can give and restrict access to Snowflake service accounts to specific IP addresses. This reduces the risk of unauthorized access to sensitive data.

With a restricted IP address, users won’t be able to access a Snowflake service account or change a Snowflake account password. 

Service accounts are accounts that sign in to Snowflake with a username and password. 

Image 1. Service account in the Snowflake sign in page.

Sign in to Snowflake screen with user name and password fields highlighted

You can allow and restrict a specific IP address or range of IP addresses

This example query allows a specific IP address (1.1.1.1) and restricts a range of IP addresses from (192.168.1.0 to 192.168.1.255) for a service account called SVC_BLACKBOARD_DATA. 

USE ROLE BBDATA_USER_ROLE; 

ALTER NETWORK POLICY NP_SVC_BLACKBOARD_DATA set ALLOWED_IP_LIST = ('1.1.1.1'); 

ALTER NETWORK POLICY NP_SVC_BLACKBOARD_DATA set BLOCKED_IP_LIST = ('192.168.1.0/24'); 

Image 2: Query in Snowflake to allow a specific IP address and restrict a range of IP addresses.

Worksheets tab in Snowflake

You can find more examples of IP address restriction on the IP address restriction help page.