Snowflake
Step 1 - Prepare your Warehouse:
If you have defined a Snowflake Network Policy, add Narrator's IP addresses to that policy.
Create a user and grant Narrator Access
Open a new worksheet in the Snowflake console
Run a query in a worksheet
Copy the code below into the worksheet and run it. Ensure 'All Queries' is checked.
begin;
-- create variables for user / password / role / warehouse / database (needs to be uppercase for objects)
set role_name = 'NARRATOR_ROLE';
set user_name = 'narrator_user';
set user_password = 'pleasereplaceme';
set warehouse_name = 'COMPUTE_WH';
set database_name = 'DOH';
-- change role to securityadmin for user / role steps
use role securityadmin;
-- create role for narrator
create role if not exists identifier($role_name);
grant role identifier($role_name) to role SYSADMIN;
-- create a user for narrator
create user if not exists identifier($user_name)
password = $user_password
default_role = $role_name
default_warehouse = $warehouse_name;
grant role identifier($role_name) to user identifier($user_name);
-- change role to sysadmin for warehouse / database steps
use role sysadmin;
-- grant narrator role access to warehouse
grant USAGE
on warehouse identifier($warehouse_name)
to role identifier($role_name);
-- grant narrator access to database
grant CREATE SCHEMA, MONITOR, USAGE
on database identifier($database_name)
to role identifier($role_name);
-- grant narrator read access to database
grant usage on all schemas in database identifier($database_name) to role identifier($role_name);
grant select on all tables in database identifier($database_name) to role identifier($role_name);
-- grant narrator read access to all future tables database
grant usage on database identifier($database_name) to role identifier($role_name);
-- change role to securityadmin for future schemas role assignment
use role securityadmin;
grant usage on future schemas in database identifier($database_name) to role identifier($role_name);
grant select on future tables in database identifier($database_name) to role identifier($role_name);
commit;
Optional sql for manually giving access to only specific schemas
----
-- SQL BELOW TO GRANT ACCESS TO ONLY SPECIFIC SCHEMAS
----
set schema_name = 'MY_DB.MY_SCHEMA';
grant usage on schema identifier($schema_name) to role identifier($role_name);
grant select on all tables in schema identifier($schema_name) to role identifier($role_name);
-- change role to securityadmin for future schemas role assignment
use role securityadmin;
grant usage on future tables in schema identifier($schema_name) to role identifier($role_name);
grant select on future tables in schema identifier($schema_name) to role identifier($role_name);
Step 2 - Use that new user to connect to Snowflake
Click Snowflake
Add the values from step 1
Account name can be found from the URL of the Snowflake console:
https://abcde.us-east-1.snowflakecomputing.com/console#/internal/worksheet
the account name here is abcde.us-east-1
The rest of the fields are the values in the script above
Need Help?
Our data team is here to help! Here are a couple ways to get in touch...
π¬ Chat us from within Narrator
π Email us at [email protected]
π Or
schedule a 30-min meeting with our data team
Updated over 1 year ago
Whatβs Next