Traverse Explorer #
Traverse Explorer provides a searchable, drillable interface into your Snowflake account data including users, roles, privileges, databases, and schemas.
It allows users, administrators, and auditors to answer questions like:
- Which role should I use to write to access a specific database?
- Which users have been granted the elevated ‘ACCOUNTADMIN’ role?
Traverse provides both a Table View and Graph View. Table View is useful for viewing large numbers of objects or permissions, while Graph View is useful for analyzing the makeup of the Snowflake role hierarchy.
Note: before using the explorer, you must be a member of an Organization with imported Account data, see Organizations and Accounts instructions on how to create organizations and manage accounts.
Account Selector #
A Traverse user can belong to multiple organizations, and the organizations can have multiple accounts. The account selector lets a user switch between these organizations and accounts.
The account selector also shows a timestamp of when the account data was last imported.
Searching and Viewing Account Data #
The global view allows you to search and explore all data in your snowflake account. Entering data in the search bar will automatically filter objects and update the table.
Choose the specific object types you’d like to filter on using the object-type toggle button on the left nav.
Notice that each object type has a shape and color associated with it. Whenever an object shows in Traverse it will have this shape and color next to it, or be this shape and color (in Graph View).
Switch to Graph View using the Tabular/Graphical toggle button:
Large Account Warning: rendering the global graph in large accounts can take a long time and freeze your browser. If you have a large account you might choose to stay in the tabular view and only use the Graph View once an object is selected.
Selecting Objects #
Clicking on any object, either the row in tabular view or a node in Graph View will select the object and allow for further analysis of that object.
After an object is selected you will see the object name in the ‘Selected Node’ chip.
To unselect the node and return to the global view, click the
X on the chip.
Each object type gets a set of selectable filters for objects that are related to it. In the image above, users have ‘ROLES’, ‘DATABASES’, and ‘SCHEMAS’.
Each object type filter has three states:
- Off: don’t show any objects of this type
- On: Show privileges on objects of this type that were immediately granted to the selected object
- Inherited: show privileges on objects of this type that are inherited through role grants
Table View #
Selecting filters in Table View will open tabs for each set of related objects.
Tables can be dowloaded as CSV using the ‘Download’ arrow in the lower-right corner of any table.
Graphical View #
The graphical view shows Snowflake objects and privileges as nodes and vertices. The selected node will be highligted. Colors of nodes correspond to their node type, just as in the Table View.
Notice there is a single Graph View, where the Table View would open up new tabs for each filter selection, in Graph View each selection is added to the same graph.
Hovering over an edge will show the granted privileges.
Click on any object in the graph to replace the selected node. When switching between selected nodes, the current view will stay the same but all filters will be cleared.