Arcwise Documentation
English
English
  • 👋Welcome to Arcwise!
  • 📘Arcwise setup
    • ⚙️User & Role Management
    • 🌐Add to Google Workspace
    • 🔌Connect Data Warehouse
      • 📫Arcwise Fixed IP Address
      • ❄️Snowflake
      • 🔍BigQuery
      • 🐘Postgres
      • 🧱Databricks
      • 🪶Athena
      • 🪣S3
    • 💻Connecting data tools
      • 🎆Connect to dbt
      • 🔎Connect to Looker
      • 🧊Connect to Cube
    • 📜Audit logging
    • ☁️Integrations
      • Overview
      • Hubspot
      • Salesforce
    • ❔FAQ
  • 🔐Google Login Errors
  • 📜Product Changelog
  • Connecting data
    • ✨Connecting Data
    • 💿Data Warehouse
    • ⬆️Uploading CSV Files
    • 🔨Importing Data from Other Tools
    • 🤖Selecting Spreadsheet Data for AI Analysis
  • Using Arcwise in sheets
    • ▶️Arcwise Connected Data
      • Adding Columns
      • Filtering
      • Sorting
    • 🗃️Working With Large Data
    • 🧪Using Formulas in Sheets
    • 🟰Supported Formulas
    • 📊Pivot Tables
    • 📉Creating Manual Visualizations
  • Using Arcwise AI Analyst
    • 🤖AI Analyst Overview
    • ❇️Using AI Analyst in Sheets
    • 📂Getting Data Using AI
    • 📈Creating a Visual
    • 💡Generating an Insight
    • 📃Using AI Analyst on Spreadsheet Data
    • Embedding the AI Analyst Chat
  • Using Arcwise AI Formulas
    • 🤖GPT Formulas Overview
    • ✔️GPT Formula Basics
    • 📖GPT Formula Reference
Powered by GitBook
On this page
  • Step 1: Create a New User/Role for Arcwise
  • (Optional) Allow connection from Arcwise IP address
  • Step 2: Add Snowflake credentials in Arcwise
  1. Arcwise setup
  2. Connect Data Warehouse

Snowflake

Step 1: Create a New User/Role for Arcwise

We recommend creating a separate Snowflake user & role for Arcwise access to have better visibility and granular access management. (It’s possible to skip to step 2 and provide an existing set of credentials instead).

(Optional) Allow connection from Arcwise IP address

If you need to add a fixed IP address to your allowlist or network policy, please refer to our Arcwise Fixed IP Address page.

Creating a new user/role

We’ve provided a script here to help with role and user creation. You can paste this directly into Snowsight if you have SYSADMIN or ACCOUNTADMIN privileges.

IMPORTANT

  • Take care to replace the highlighted values in the query below!

  • Make sure to execute all of the queries! Select the entire query text before running if using Snowsight, or check the “All Queries” checkbox if using the legacy console.

By default, this will allow the Arcwise role to access all schemas in $database_name, but this can be restricted if preferred (see highlighted GRANT USAGE ON SCHEMA below). Be sure that each query runs successfully!

-- (Optional) Edit these if you prefer something else.
SET role_name = 'ARCWISE_ROLE';
SET user_name = 'ARCWISE_USER';
-- (Optional) You can also use an existing warehouse if desired.
SET warehouse_name = 'ARCWISE_WAREHOUSE';

-- Define a password for the Arcwise user (ideally randomly generated). Remember it for later
SET user_password = '<your-password-here>';

-- Database you want to allow Arcwise to access and snapshot schema that
-- will be created in that database for data snapshot management
SET database_name = '<your-database-here>';
SET snapshot_schema_name = '_ARCWISE_SNAPSHOTS';

-- Database setup
CREATE DATABASE IF NOT EXISTS IDENTIFIER($database_name) COMMENT = 'Arcwise database';

-- Warehouse setup
CREATE WAREHOUSE IF NOT EXISTS IDENTIFIER($warehouse_name)
	warehouse_size = small
	warehouse_type = standard
	auto_suspend = 15
	auto_resume = true
	initially_suspended = true;

-- Role setup
CREATE ROLE IF NOT EXISTS IDENTIFIER($role_name) COMMENT = 'Arcwise default role';

-- User setup
CREATE USER IF NOT EXISTS IDENTIFIER($user_name)
	password = $user_password
	first_name = 'Arcwise'
	last_name = 'User'
	default_warehouse = $warehouse_name
	default_role = $role_name;

-- Assign user -> role
GRANT ROLE IDENTIFIER($role_name) TO USER IDENTIFIER($user_name);

-- Allow role -> warehouse & database
GRANT USAGE ON WAREHOUSE IDENTIFIER($warehouse_name) TO ROLE IDENTIFIER($role_name);
GRANT USAGE ON DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);

-- Allow role to access all schemas (and tables/views within the schema)
GRANT USAGE ON ALL SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
-- (Optional) To restrict access to certain schemas: comment out the two lines above and edit below
-- GRANT USAGE ON SCHEMA <your-database>.<your-schema> TO ROLE IDENTIFIER($role_name);

GRANT SELECT ON ALL TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT SELECT ON FUTURE TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);

GRANT SELECT ON ALL VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT SELECT ON FUTURE VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);

-- Create snapshot schema and grant role ownership over that schema
SET arcwise_snapshots_schema = $database_name || '.' || $snapshot_schema_name;
CREATE SCHEMA IF NOT EXISTS IDENTIFIER($arcwise_snapshots_schema) COMMENT = 'Arcwise-operated schema for managing data snapshots';
GRANT OWNERSHIP ON SCHEMA IDENTIFIER($arcwise_snapshots_schema) TO ROLE IDENTIFIER($role_name) REVOKE CURRENT GRANTS;

-- Allow Arcwise role to analyze query history & table usage activity
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE IDENTIFIER($role_name);

By default the above commands will not give the SYSADMIN role access to data managed by Arcwise. To have the Arcwise role inherit from SYSADMIN and therefore grant that role full access run the following command:

GRANT ROLE IDENTIFIER($role_name) TO ROLE SYSADMIN;

Step 2: Add Snowflake credentials in Arcwise

  1. Click on the “Create” button to add the first connection.

  2. Fill out the credentials based on the variables you filled in above. Additional instructions can be found for each section below.

Name

A user-friendly name that describes the purpose of the connection. Will be shown to end-users in Arcwise.

Account

account_locator.cloud_region_id.cloud

EG: uc1234.us-west-1.aws

In Snowsight, you can hover over account menu in the bottom left and click Copy account URL; then remove the leading https:// and trailing .snowflakecomputing.com

Warehouse

Use the $warehouse_name value from the SQL query (e.g. ARCWISE_WAREHOUSE)

Database

Use the $database_name value from the SQL query.

Snapshot Schema

Use the $snapshot_schema_name value from the SQL query.

Username/Password

$user_name and $user_password from the SQL query.

All credentials are stored securely using bank-level (256-bit) encryption. Once you hit Save and the connection has been added, you can switch over to the “Tables” tab to see all the tables that will be exposed in Arcwise.

If you get an error that the username/password didn’t work, please double check that the all queries in the “Create a new user/role” script ran successfully.

PreviousArcwise Fixed IP AddressNextBigQuery

Last updated 1 year ago

Go to the “Connections” tab in the Arcwise admin panel ()

This is your . It should be in the format:

📘
🔌
❄️
https://admin.arcwise.app/#/warehouse_connections
Snowflake account identifier