Skip to content

Snowflake

STEP 1

Navigate to Integrations section of our portal and click Add Integration: Integrations.

STEP 2

Select Snowflake and fill in the following fields:

  • Schedule: How often Cloud Avenue should refresh metadata from Snowflake.
  • API Secret: The Snowflake user's password.

Required Connection Fields

  • Account (field key: account)
  • Username (field key: username)
  • Warehouse (field key: warehouse)

Optional Connection Fields

  • Database (field key: database)
  • Role (field key: role)

Optional Filters

Depending on your account configuration, you may also see optional filters to scope what gets ingested. These accept comma-separated patterns:

  • Schema Filter
  • Database Filter
  • Table Filter
  • View Filter

Snowflake privileges required

To ingest basic metadata, the Snowflake user must have the following privileges:

  • USAGE on the Warehouse
  • USAGE on the Database
  • USAGE on the Schema
  • SELECT on the Tables

If you are running any of the following advanced ingestion workflows, additional privileges are required:

  • Incremental extraction
  • Tag ingestion
  • Stored procedure ingestion
  • Lineage and usage ingestion

These workflows query Snowflake's SNOWFLAKE.ACCOUNT_USAGE views such as:

  • SNOWFLAKE.ACCOUNT_USAGE.TABLES
  • SNOWFLAKE.ACCOUNT_USAGE.TAG_REFERENCES
  • SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
  • SNOWFLAKE.ACCOUNT_USAGE.PROCEDURES
  • SNOWFLAKE.ACCOUNT_USAGE.FUNCTIONS

For these, grant either:

  • ACCOUNTADMIN, or
  • a role with IMPORTED PRIVILEGES on the SNOWFLAKE database.

Example: create a role and grant privileges

-- Create a new role for Cloud Avenue
CREATE ROLE NEW_ROLE;

-- Create a new user and assign the default role
CREATE USER NEW_USER DEFAULT_ROLE=NEW_ROLE PASSWORD='PASSWORD';

-- Grant the role to the user
GRANT ROLE NEW_ROLE TO USER NEW_USER;

-- Allow the role to use the warehouse
GRANT USAGE ON WAREHOUSE WAREHOUSE_NAME TO ROLE NEW_ROLE;

-- Allow the role to use the database
GRANT USAGE ON DATABASE TEST_DB TO ROLE NEW_ROLE;

-- Allow the role to use the schema
GRANT USAGE ON SCHEMA TEST_SCHEMA TO ROLE NEW_ROLE;

-- Grant read access on all tables in the schema
GRANT SELECT ON ALL TABLES IN SCHEMA TEST_SCHEMA TO ROLE NEW_ROLE;

-- Grant read access on external tables
GRANT SELECT ON ALL EXTERNAL TABLES IN SCHEMA TEST_SCHEMA TO ROLE NEW_ROLE;

-- Grant read access on views
GRANT SELECT ON ALL VIEWS IN SCHEMA TEST_SCHEMA TO ROLE NEW_ROLE;

-- Grant read access on dynamic tables
GRANT SELECT ON ALL DYNAMIC TABLES IN SCHEMA TEST_SCHEMA TO ROLE NEW_ROLE;

-- Required for correct lineage ingestion
GRANT IMPORTED PRIVILEGES ON ALL SCHEMAS IN DATABASE SNOWFLAKE TO ROLE NEW_ROLE;