Skip to main content

Snowflake

For onboarding a new customer who has snowflake we need set of credentials and grants :

You can give Sundial Read-Only access to your existing Snowflake Schemas and Tables.

Alternatively you can create a separate Snowflake Database to store the tables which you would like to share with Sundial.

Few Steps to be followed before providing us with the credentials:

Create User, Role and attach permissions to the Tables shared with Sundial.

Read-Only Permissions

Give Read-Only access to your Snowflake Database or Tables to a new User and Role created for Sundial.

# Create Role for Sundial
CREATE ROLE SundialRole

# Create User for Sundial and assign role
CREATE USER IF NOT EXISTS SundialUser
PASSWORD = '<set_password_for_SundialUser>'
DEFAULT_ROLE = SundialRole

GRANT ROLE SundialRole to USER SundialUser;
GRANT USAGE ON WAREHOUSE <warehouse_name> TO ROLE SundialRole;
GRANT USAGE ON DATABASE <database_name> TO ROLE SundialRole;
GRANT USAGE ON SCHEMA <schema_name> TO ROLE SundialRole;
GRANT CREATE STAGE ON SCHEMA <schema_name> TO ROLE SundialRole;
GRANT SELECT ON TABLE <table_name> TO ROLE SundialRole;

For Write Permission

Sundial can store generated Standard Product Metrics into your Snowflake. If this is required, please provide the Sundial Role access to write to a Snowflake Database

# use role accountadmin;
# Create a new database for Sundial.
CREATE OR REPLACE DATABASE sundial_state_db;

# Give read-write permissions to the SundialRole to the created Database.
GRANT USAGE ON WAREHOUSE <warehouse_name> TO ROLE SundialRole;
GRANT USAGE ON DATABASE sundial_state_db TO ROLE SundialRole;
GRANT USAGE ON SCHEMA sundial_state_db.Sundial_Scratch TO ROLE SundialRole;
GRANT CREATE STAGE ON SCHEMA sundial_state_db.Sundial_Scratch TO ROLE SundialRole;

GRANT ALL ON ALL schemas in database sundial_state_db TO ROLE SundialRole;
GRANT ALL ON ALL TABLES IN SCHEMA sundial_state_db.Sundial_Scratch TO ROLE SundialRole;
GRANT ALL ON future schemas in database sundial_state_db TO ROLE SundialRole;
GRANT ALL ON future tables in schema sundial_state_db.Sundial_Scratch to ROLE SundialRole;

These grants can be extended to views and other objects in DB using the above commands by making necessary keyword changes

Credentials to be shared with Sundial:

Please share the following credentials and details with Sundial over a secure Vault or Secrets store.

SNOWFLAKE_UR : URL to the snowflake account
SNOWFLAKE_ACCOUNT : Account number(also found with in the link)
SNOWFLAKE_USER : User id for the user created for Sundial
SNOWFLAKE_PASSWORD : Password for the Sundial User
SNOWFLAKE_DATABASE : Database Names for Read-Only and Read-Write database
SNOWFLAKE_SCHEMA : Schema of the table
SNOWFLAKE_WAREHOUSE : Warehouse name provided to Sundial
SNOWFLAKE_ROLE : Role provided to Sundial