By default, business events stored via the Store statement result Action of Snowflake for Workflows are stored in Grail bucket default_bizevents with a retention period of 35 days. For more details, see Built-in Grail buckets.
To manage retention and costs, and protect data, we recommend creating a dedicated bucket and setting up policies that allow data access from that bucket.
<bucket-name>.matchesPhrase(event.type, "snowflake_connector") and matchesValue(event.provider, "data_connector")
To allow access to this bucket, create the following policies via Account Management:
ALLOW storage:buckets:readWHERE storage:bucket-name = "<bucket-name>";ALLOW storage:bizevents:read;
ALLOW storage:buckets:readWHERE storage:bucket-name = "<bucket-name>";ALLOW storage:events:write;
For more details, see Permissions in Grail.
To roll out policies on a large scale, we recommend using Dynatrace Configuration as Code (Monaco).
To allow access to the lookup tables, create the following policies via Account Management:
ALLOW storage:files:readWHERE storage:file-path startsWith '/lookups/some-prefix-for-tables';
ALLOW storage:files:writeWHERE storage:file-path startsWith '/lookups/some-prefix-for-tables';
For more details, see Lookup data in Grail
To roll out policies on a large scale, we recommend using Dynatrace Configuration as Code (Monaco).