# Using Snowflake Data Sharing with Immuta

Immuta is compatible with [Snowflake Secure Data Sharing](https://docs.snowflake.com/en/user-guide/data-sharing-intro.html). Using both Immuta and Snowflake, organizations can share the policy-protected data of their Snowflake database with other Snowflake accounts with Immuta policies enforced in real time.

**Prerequisites**:

* [Snowflake integration enabled](https://documentation.immuta.com/SaaS/configuration/integrations/snowflake/how-to-guides/enterprise)
* [Snowflake tables registered in Immuta as data sources](https://documentation.immuta.com/SaaS/configuration/integrations/data-and-integrations/registering-metadata/register-data-sources/snowflake-tutorial)

## Create Immuta Policies to Protect the Data

**Required Permission**: Immuta: `GOVERNANCE`

[Build Immuta data policies](https://documentation.immuta.com/SaaS/govern/secure-your-data/authoring-policies-in-secure/data-policies/how-to-guides/data-policy-tutorial) to fit your organization's compliance requirements.

It's important to understand that subscription policies are not relevant to Snowflake data shares, because the act of sharing the data *is* the subscription policy. Data policies can be enforced on the consuming account from the producer account on a share following these instructions.

## Register the Snowflake Data Consumer with Immuta

**Required Permission**: Immuta: `USER_ADMIN`

To register the Snowflake data consumer in Immuta,

1. [Create a new Immuta user](https://documentation.immuta.com/SaaS/people/users-index/how-to-guides/managing-personas-and-permissions#create-users).
2. [Update the Immuta user's Snowflake username](https://documentation.immuta.com/SaaS/people/users-index/how-to-guides/external-user-mapping#manually-configure-external-user-id-mapping-on-a-users-page) to match the account ID for the data consumer. This value is the output on the data consumer side when `SELECT CURRENT_ACCOUNT()` is run in Snowflake.
3. [Give the Immuta user the appropriate attributes and groups](https://documentation.immuta.com/SaaS/people/users-index/how-to-guides/managing-attribute-and-group#add-group-or-user-attribute) for your organization's policies.
4. [Subscribe the Immuta user to the data sources](https://documentation.immuta.com/SaaS/configuration/integrations/data-and-integrations/registering-metadata/data-source-settings/how-to-guides/manage-members).

## Create the Snowflake Data Share

**Required Permission**: Snowflake `ACCOUNTADMIN`

To share the policy-protected data source,

1. [Create a Snowflake Data Share](https://docs.snowflake.com/en/user-guide/data-sharing-gs.html#getting-started-with-secure-data-sharing) of the Snowflake table that has been registered in Immuta.
2. Grant reference usage on the Immuta database to the share you created:

   ```sql
   GRANT REFERENCE_USAGE ON DATABASE "<Immuta database of the provider account>" TO SHARE "<DATA_SHARE>";
   ```

   Replace the content in angle brackets above with the name of your Immuta database and Snowflake data share.