Compliance Reporting

Rime provides compliance reports that summarise the state of your data governance. These reports are designed for two audiences: governance administrators who need to track progress on classification and access control, and procurement or security reviewers who need evidence that data handling meets organisational or regulatory standards.

Navigate to Governance > Compliance to access the reporting dashboard.

Classification coverage report

The classification coverage report shows what percentage of columns in your Snowflake account have been classified, broken down by database, schema, and table.

What it shows

Overall coverage — the total number of columns across all schemas, with the percentage that have been assigned a privacy level
Coverage by database — each database listed with its column count and classification percentage
Coverage by schema — each schema with its own breakdown
Coverage by table — individual tables, showing classified and unclassified column counts
Unclassified column list — a filterable list of every column that has not yet been classified

How to use it

The coverage report is the primary tool for tracking your progress toward full classification. Under the masked-by-default model, unclassified columns are not a security risk — they remain masked. However, they represent a governance gap where no deliberate decision has been made about the data’s sensitivity.

Target 100% classification coverage across all schemas that contain business data. Reference and system schemas (e.g., Snowflake’s INFORMATION_SCHEMA) are excluded from coverage calculations.

The report highlights tables with low coverage in red. Selecting a table opens the data classification column browser filtered to that table’s unclassified columns, so you can classify them directly from the report.

Access matrix

The access matrix report shows which Snowflake roles can see which columns unmasked. It provides a complete picture of data visibility across your organisation.

What it shows

Role-to-privacy-level matrix — a grid with roles as rows and privacy levels (Public, Internal, Confidential, Restricted) as columns, showing which combinations are permitted
Role-to-PII-type matrix — a finer-grained grid showing visibility by PII type for each role
Column-level detail — for any role, a list of every column that role can see unmasked, grouped by database and schema
Over-privileged roles — roles that have broader visibility than their intended function suggests (e.g., an analytics role with Restricted access)

How to use it

The access matrix is the report most frequently requested during procurement and security reviews. It answers the question: “Who can see what?”

Review the matrix regularly — at minimum quarterly — to ensure that role visibility matches your organisation’s access policies. When roles are added or modified in Masking Policies, the access matrix updates automatically.

Audit summary

The audit summary aggregates data access events from Snowflake’s access history and Rime’s own audit log into a single report.

What it shows

Access events — who queried which tables and columns, and when. Data comes from Snowflake’s ACCESS_HISTORY view (requires Snowflake Enterprise Edition)
Configuration changes — who modified classifications, masking policies, or role visibility, and when. Data comes from Rime’s audit log
Login events — user authentication events including method (SSO, OAuth, email/password), success or failure, and source IP
Timeline view — a chronological view of all events, filterable by user, action type, and date range
Anomaly highlights — unusual access patterns such as a role querying a Restricted table for the first time, or a user accessing data outside normal business hours

How to use it

The audit summary serves two purposes: routine monitoring and incident investigation. For routine monitoring, review the summary weekly and investigate any anomaly highlights. For incident investigation, use the filters to narrow down to a specific user, time range, or resource.

Report generation

Reports can be generated on demand or on a schedule.

On-demand generation

Navigate to Governance > Compliance
Select the report type (Coverage, Access Matrix, or Audit Summary)
Configure the scope and date range:
- Scope — full account, specific database, or specific schema
- Date range (audit summary only) — the time period to include
Select Generate
The report renders in the browser. Select Export to download

Scheduled generation

To set up a recurring report:

Navigate to Governance > Compliance > Schedules
Select Add Schedule
Configure:
- Report type — which report to generate
- Scope — what to include
- Frequency — daily, weekly, or monthly
- Recipients — email addresses that receive the report when generated
- Format — PDF or CSV
Select Save

Scheduled reports run at the configured frequency and are emailed to recipients as attachments. They are also stored in Rime and accessible from the compliance dashboard.

Export formats

Reports can be exported in two formats:

Format	Best for
PDF	Human-readable reports for procurement reviews, management, and compliance audits. Includes formatting, charts, and Rime branding
CSV	Machine-readable data for further analysis, importing into other compliance tools, or custom reporting. One file per report section

The access matrix CSV export includes one row per role-column combination, making it suitable for loading into a spreadsheet or GRC (governance, risk, compliance) tool.

Audit retention

The amount of historical audit data available in reports depends on your Rime tier:

Tier	Retention period
Free/Trial	7 days
Small Business	30 days
Business	90 days
Business Critical	1 year

Data older than the retention period is purged and cannot be recovered. If you need longer retention, export reports on a schedule and store them in your own archive.

Snowflake’s ACCESS_HISTORY view has its own retention policy (typically 365 days on Enterprise Edition). The audit summary report can only include Snowflake access events that are still available in the access history view.

Using reports for reviews

When preparing for procurement or security reviews, Rime’s compliance reports provide the evidence typically requested:

Reviewer question	Rime report
”What sensitive data do you hold?”	Classification coverage report — shows all classified columns with their privacy levels and PII types
”Who has access to PII?”	Access matrix — shows which roles can see columns tagged with PII types
”How do you detect new sensitive data?”	PII Detection configuration + coverage report trends showing new columns being flagged and classified
”Can you prove access is audited?”	Audit summary — shows all access events with timestamps and user identifiers
”What happens when someone leaves?”	Authentication configuration + audit log showing role changes
”How is data encrypted?”	Encryption documentation + Snowflake-native encryption details
”Is tenant data isolated?”	Tenant Isolation documentation

Generate and export the relevant reports before the review. For recurring compliance obligations, set up scheduled reports that are automatically emailed to the compliance team.

Tier availability

Compliance reporting is available at all tiers, but the depth of available reports varies:

Feature	Free/Trial	Small Business	Business	Business Critical
Classification coverage	Read-only view	Full	Full	Full
Access matrix	Not available	Basic (role-to-level)	Full (role-to-PII-type)	Full + export
Audit summary	7-day window	30-day window	90-day window	1-year window
Scheduled reports	Not available	Not available	Available	Available
PDF export	Not available	Available	Available	Available
CSV export	Not available	Available	Available	Available

Next steps

Improve your classification coverage using the Data Classification column browser
Review the access matrix and adjust role visibility in Masking Policies
Set up Audit Logging to ensure all actions are captured
Review the Compliance page for regulatory requirements that reports help address