Connect with Snowflake

~ 20 min to complete

You need an ACCOUNTADMIN user to follow this guide.

Create a Role and a User

This creates a dedicated role and technical user. Replace example_wh with your preferred warehouse. XS is enough for most installations. It is ok to share this warehouse with other workloads to save costs. Set a secure password.

create role snowboard_role;
create user snowboard_user
    password = '<something secret>' -- remember that!
    default_warehouse = example_wh  -- specify your warehouse
    default_role = snowboard_role
    default_namespace = snowboard
    comment = 'Technical User for Sled 🛷';
grant role snowboard_role to user snowboard_user;

--allow usage of your warehouse
grant usage on warehouse example_wh to role snowboard_role;

Create the Snowboard Database

This database will be used to store profiling results and the parsed query log. You can easily access it for your own analytics. Data ownership is great.

create database snowboard;
grant ownership on database snowboard to role snowboard_role;

Grants Read Access to Data

For each database that should be added to the data catalog execute these statements. Replace example_db with the correct name. You can add more databases later, have at least one to get started.

set db_name = 'example_db'; -- specify name of database
grant usage on database identifier($db_name) to role snowboard_role;
grant usage on all schemas in database identifier($db_name) to role snowboard_role;
grant usage on future schemas in database identifier($db_name) to role snowboard_role;
grant select, references on all tables in database identifier($db_name) to role snowboard_role;
grant select, references on future tables in database identifier($db_name) to role snowboard_role;
grant select, references on all views in database identifier($db_name) to role snowboard_role;
grant select, references on future views in database identifier($db_name) to role snowboard_role;
grant select, references on all materialized views in database identifier($db_name) to role snowboard_role;
grant select, references on future materialized views in database identifier($db_name) to role snowboard_role;

💡If your Snowflake account was created before 2020, also execute the following script:Grant permissions on future tables

For shared databases the following statement is enough. Replace external_db with the correct name.

grant imported privileges on database external_db to role snowboard_role;

Grants Read Access to Account Information

Grant access to the query log and further meta data from Snowflake.

grant imported privileges on database snowflake to role snowboard_role;

Grant right to enable Single-Sign-On

Allow the technical user to create a single-sign-on integration.

GRANT CREATE INTEGRATION ON ACCOUNT TO ROLE snowboard_role;

Network Access

If you restrict network access with network policies you can use the following IP addresses for Sled.

3.210.43.243
3.66.185.175

Create a network policy

CREATE NETWORK POLICY snowboard_network_policy
ALLOWED_IP_LIST = ('3.66.185.175', '3.210.43.243');

Apply the policy to the role

ALTER ROLE snowboard_role SET NETWORK_POLICY = snowboard_network_policy;

PreviousLineage and Data Flows NextGrant permissions on future tables

Last updated 1 year ago

Was this helpful?