0

If someone malicious gets access to ACCOUNTADMIN, sets DATA_RETENTION_TIME_IN_DAYS=0 to all objects in a database and then start destroying these objects, does Snowflake provide a means to rebuild the database as it was before the attack? Time Travel should not be available anymore.

From my understanding, Failsafe kicks in only after Time Travel, so if Time Travel was set to 90, then from what I understand the best we can hope for is gaining back data that is 90 days old.

What to do to prevent this kind of scenario?

Hans Deragon
  • 504
  • 1
  • 7
  • 17
  • "What to do to prevent this kind of scenario?" - regular cold (disconnected) storage backups? – Dai Jun 19 '21 at 20:13
  • 1
    Actually, this is what Fail Safe is for. As soon as the malicious attack sets everything to 0 data retention, all of your data would be available in Fail Safe. You have 7 days before that data is removed. – Mike Walton Jun 19 '21 at 20:16
  • 2
    You would lose your time-travel for that 90 days, though. – Mike Walton Jun 19 '21 at 20:17
  • @MikeWalton, you are a solution architect at Snowflake! Why provide the answer in the comments? Post it as a solution please so I can accept it. Thousands thanks. – Hans Deragon Jun 21 '21 at 01:11
  • 1
    Sure...I use the comments sometimes when I feel like being brief with my response. Let me know if you need any more details in the answer. – Mike Walton Jun 21 '21 at 02:00

1 Answers1

1

This is what Fail Safe is for. As soon as the malicious attack sets everything to 0 data retention, all of your data would be available in Fail Safe. You have 7 days before that data is removed. You would lose your time-travel for that 90 days, though.

Mike Walton
  • 6,595
  • 2
  • 11
  • 22