Snowflake

As a best practice, set up a dedicated Snowflake Service Account user and assign it a specific role and warehouse before configuring Connecty. This approach isolates your integration credentials and simplifies permission management, ensuring a seamless no-code connection.

Prerequisites

Snowflake Account Identifier
Username and password
Role
(Optional) Database
(Optional) Warehouse

1. Account Identifier

Your Snowflake account identifier consists of your organization name and account name, for example: myorg-account123.

You can find it under Account Details > Account > Account Identifier:

Or you can either find this in your browser's address bar when logged in. The URL will look like:

https://<account-identifier>.snowflakecomputing.com

Examples:

✅ myorg-account123 - this is correct and expected Account Identifier.
❌ myorg.account123 - 'Data Sharing Account Identifier' with a '.' (dot) instead of '-' (hyphen) is invalid.
❌ https://myorg-account123.snowflakecomputing.com - full Snowflake Account host URL is invalid account identifier.

2. Role

To enable Connecty AI to access and query data within your Snowflake account, the designated Snowflake role must satisfy the following prerequisites:

Metadata Access The role must be granted access to the relevant INFORMATION_SCHEMA views in order to retrieve metadata for the target database (or selected schemas).
Read Permissions The role must possess SELECT privileges on all objects (tables, views, etc.) within the specified database or schema subset to enable data retrieval.
Query History Visibility The role must have rights to view the account-level query history, ensuring Connecty AI can audit and analyse past queries across the entire Snowflake account.

While Snowflake’s built-in roles (e.g., ACCOUNTADMIN or SYSADMIN) inherently satisfy these requirements, it is best practice to create a custom role that includes only the minimum necessary privileges outlined above.

⚠️ Warning: If the user does not have access to the Role, then the connection will fail.

Create a Custom Role

The following script is an example how one can create new dedicate service account user for ConnectyAI with granted new custom role with all required permissions for a given database.

-- Adjust the following variables to your Snowflake setup
SET DB_NAME = 'example_db';
SET WH_NAME = 'example_wh';

-- Create a new custom role for Connecty AI
CREATE ROLE CONNECTYAI_ROLE;

-- Create new service account user for Connecty AI
CREATE USER CONNECTYAI_USER
  PASSWORD = '<yourpassword>'
  DEFAULT_ROLE = CONNECTYAI_ROLE
  DEFAULT_WAREHOUSE = <EXAMPLE_WH>   -- specify your warehouse
  COMMENT = 'Service Account User for Connecty AI';

-- Assign ConnectyAI role to Connecty AI user.
GRANT ROLE CONNECTYAI_ROLE TO USER CONNECTYAI_USER;

-- Grant access to query history on account level
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE CONNECTYAI_ROLE;

-- Grant metadata access and READ permissions for a given database
GRANT USAGE ON DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT USAGE ON ALL SCHEMAS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON ALL TABLES IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON ALL VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON ALL MATERIALIZED VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON FUTURE TABLES IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON FUTURE VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON FUTURE MATERIALIZED VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;

-- Grant WH usage to the new role
GRANT USAGE ON WAREHOUSE IDENTIFIER($WH_NAME) TO ROLE CONNECTYAI_ROLE;

3. Database (Optional)

If you leave the Database field blank, the connection will be made at the Snowflake account level, giving you access to all databases based on your role permissions. To connect to a specific database—or if your permissions are scoped to a particular database—use its name here.

4. Warehouse (Optional)

If you leave Warehouse blank, Snowflake will use your account’s default warehouse.

To run queries under a different warehouse, enter its name here.
Make sure the warehouse is assigned to your user.

Last updated 3 months ago

hashtagPrerequisites

hashtag1. Account Identifier

hashtag2. Role

hashtagCreate a Custom Role

hashtag3. Database (Optional)

hashtag4. Warehouse (Optional)