# Snowflake

{% embed url="<https://www.youtube.com/watch?v=Nhr6zkEb1a0>" %}

As a best practice, set up a dedicated Snowflake Service Account user and assign it a specific role and warehouse before configuring Connecty. This approach isolates your integration credentials and simplifies permission management, ensuring a seamless no-code connection.

### Prerequisites

* **Snowflake Account Identifier**
* **Username** and **password**
* **Role**
* (Optional) Database
* (Optional) Warehouse

### 1. Account Identifier

Your Snowflake account identifier consists of your organization name and account name, for example: `myorg-account123`.

{% hint style="info" %}
You can find it under Account Details > Account > Account Identifier:
{% endhint %}

<figure><img src="/files/mb3pD1Cfq8YkKDI9tCIT" alt=""><figcaption><p>Where to find Snowflake Account Identifier</p></figcaption></figure>

{% hint style="info" %}
Or you can either find this in your browser's address bar when logged in. The URL will look like:

```
https://<account-identifier>.snowflakecomputing.com
```

{% endhint %}

Examples:

* ✅ `myorg-account123` - this is correct and expected Account Identifier.
* ❌ `myorg.account123` - 'Data Sharing Account Identifier' with a '.' (dot) instead of '-' (hyphen) is invalid.
* ❌ `https://myorg-account123.snowflakecomputing.com` - full Snowflake Account host URL is **invalid** account identifier.

### 2. Role

To enable Connecty AI to access and query data within your Snowflake account, the designated Snowflake role must satisfy the following prerequisites:

1. **Metadata Access**\
   The role must be granted access to the relevant `INFORMATION_SCHEMA` views in order to retrieve metadata for the target database (or selected schemas).
2. **Read Permissions**\
   The role must possess `SELECT` privileges on all objects (tables, views, etc.) within the specified database or schema subset to enable data retrieval.
3. **Query History Visibility**\
   The role must have rights to view the account-level query history, ensuring Connecty AI can audit and analyse past queries across the entire Snowflake account.

While Snowflake’s built-in roles (e.g., `ACCOUNTADMIN` or `SYSADMIN`) inherently satisfy these requirements, it is best practice to create a custom role that includes only the minimum necessary privileges outlined above.

> ⚠️ **Warning:** If the user does **not** have access to the **Role**, then the connection will fail.

#### Create a Custom Role

The following script is an example how one can create new dedicate service account user for ConnectyAI with granted new custom role with all required permissions for a given database.

```sql
-- Adjust the following variables to your Snowflake setup
SET DB_NAME = 'example_db';
SET WH_NAME = 'example_wh';

-- Create a new custom role for Connecty AI
CREATE ROLE CONNECTYAI_ROLE;

-- Create new service account user for Connecty AI
CREATE USER CONNECTYAI_USER
  PASSWORD = '<yourpassword>'
  DEFAULT_ROLE = CONNECTYAI_ROLE
  DEFAULT_WAREHOUSE = <EXAMPLE_WH>   -- specify your warehouse
  COMMENT = 'Service Account User for Connecty AI';

-- Assign ConnectyAI role to Connecty AI user.
GRANT ROLE CONNECTYAI_ROLE TO USER CONNECTYAI_USER;

-- Grant access to query history on account level
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE CONNECTYAI_ROLE;

-- Grant metadata access and READ permissions for a given database
GRANT USAGE ON DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT USAGE ON ALL SCHEMAS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON ALL TABLES IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON ALL VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON ALL MATERIALIZED VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON FUTURE TABLES IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON FUTURE VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;
GRANT SELECT ON FUTURE MATERIALIZED VIEWS IN DATABASE IDENTIFIER($DB_NAME) TO ROLE CONNECTYAI_ROLE;

-- Grant WH usage to the new role
GRANT USAGE ON WAREHOUSE IDENTIFIER($WH_NAME) TO ROLE CONNECTYAI_ROLE;
```

### 3. Database (Optional)

If you leave the **Database** field blank, the connection will be made at the Snowflake account level, giving you access to all databases based on your role permissions. To connect to a specific database—or if your permissions are scoped to a particular database—use its name here.

### 4. Warehouse (Optional)

If you leave **Warehouse** blank, Snowflake will use your account’s default warehouse.

* To run queries under a different warehouse, enter its name here.
* Make sure the warehouse is assigned to your user.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://connectyai.gitbook.io/documentation/getting-started/data-connections-guide/snowflake.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.