Snowflake (draft)

Prerequisites

1. Create the role READ_ONLY and assign it to a user (?)

2. Create a user CLOUDAWARE and assign the READ_ONLY role by default:

CREATE USER CLOUDAWARE DEFAULT_ROLE=READ_ONLY

3. Provide the role with access to Warehouse:

GRANT USAGE ON WAREHOUSE <warehouse_name> TO ROLE READ_ONLY

Snowflake Setup

Log in to your Cloudaware account → Admin.

Find Snowflake in the list of integrations, click +Add.

[screen]

Create or select KeyPair (in Snowflake?)

Copy publicKey and change the RSA_PUBLIC_KEY of the user:

alter user <username> set rsa_public_key='MI...'

Fill out the following fields:

[screen]

Account ID -

Username -

Warehouse - select one of the available warehouse

Click Save.

The green light in 'Status' means that Snowflake integration has been successfully configured. If there is a red light, please contact support@cloudaware.com.

Once the integration is added, go to Cloudaware CMDB Navigator to view the Snowflake data collected under the tab 'Snowflake':

[screen]

Levels of Access

Basic

GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE READ_ONLY

Detailed

Snowflake Integration: GRANT USAGE ON INTEGRATION <integration_name> TO READ_ONLY

Snowflake Database: GRANT USAGE ON DATABASE <database_name> TO READ_ONLY

Snowflake Schema:

GRANT USAGE ON ALL SCHEMAS IN DATABASE <database_name> TO READ_ONLY
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE <database_name> TO READ_ONLY

Snowflake Stage:

GRANT USAGE ON ALL STAGES IN DATABASE <database_name> TO READ_ONLY
GRANT USAGE ON FUTURE STAGES IN DATABASE <database_name> TO READ_ONLY

Snowflake Table:

GRANT REFERENCES ON ALL EXTERNAL TABLES IN DATABASE <database_name> TO READ_ONLY
GRANT REFERENCES ON FUTURE EXTERNAL TABLES IN DATABASE <database_name> TO READ_ONLY

Snowflake Pipe:

GRANT MONITOR ON PIPE <database_name>.<schema_name>.<pipe_name> TO READ_ONLY
GRANT MONITOR ON FUTURE PIPES IN DATABASE <database_name> TO READ_ONLY

List of Supported Objects

Cloudaware supports the following Snowflake objects: