βοΈSnowflake
Step 1: Create a New User/Role for Arcwise
(Optional) Allow connection from Arcwise IP address
Creating a new user/role
-- (Optional) Edit these if you prefer something else.
SET role_name = 'ARCWISE_ROLE';
SET user_name = 'ARCWISE_USER';
-- (Optional) You can also use an existing warehouse if desired.
SET warehouse_name = 'ARCWISE_WAREHOUSE';
-- Define a password for the Arcwise user (ideally randomly generated). Remember it for later
SET user_password = '<your-password-here>';
-- Database you want to allow Arcwise to access and snapshot schema that
-- will be created in that database for data snapshot management
SET database_name = '<your-database-here>';
SET snapshot_schema_name = '_ARCWISE_SNAPSHOTS';
-- Database setup
CREATE DATABASE IF NOT EXISTS IDENTIFIER($database_name) COMMENT = 'Arcwise database';
-- Warehouse setup
CREATE WAREHOUSE IF NOT EXISTS IDENTIFIER($warehouse_name)
warehouse_size = small
warehouse_type = standard
auto_suspend = 15
auto_resume = true
initially_suspended = true;
-- Role setup
CREATE ROLE IF NOT EXISTS IDENTIFIER($role_name) COMMENT = 'Arcwise default role';
-- User setup
CREATE USER IF NOT EXISTS IDENTIFIER($user_name)
password = $user_password
first_name = 'Arcwise'
last_name = 'User'
default_warehouse = $warehouse_name
default_role = $role_name;
-- Assign user -> role
GRANT ROLE IDENTIFIER($role_name) TO USER IDENTIFIER($user_name);
-- Allow role -> warehouse & database
GRANT USAGE ON WAREHOUSE IDENTIFIER($warehouse_name) TO ROLE IDENTIFIER($role_name);
GRANT USAGE ON DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
-- Allow role to access all schemas (and tables/views within the schema)
GRANT USAGE ON ALL SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
-- (Optional) To restrict access to certain schemas: comment out the two lines above and edit below
-- GRANT USAGE ON SCHEMA <your-database>.<your-schema> TO ROLE IDENTIFIER($role_name);
GRANT SELECT ON ALL TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT SELECT ON FUTURE TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT SELECT ON ALL VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
GRANT SELECT ON FUTURE VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE IDENTIFIER($role_name);
-- Create snapshot schema and grant role ownership over that schema
SET arcwise_snapshots_schema = $database_name || '.' || $snapshot_schema_name;
CREATE SCHEMA IF NOT EXISTS IDENTIFIER($arcwise_snapshots_schema) COMMENT = 'Arcwise-operated schema for managing data snapshots';
GRANT OWNERSHIP ON SCHEMA IDENTIFIER($arcwise_snapshots_schema) TO ROLE IDENTIFIER($role_name) REVOKE CURRENT GRANTS;
-- Allow Arcwise role to analyze query history & table usage activity
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE IDENTIFIER($role_name);Step 2: Add Snowflake credentials in Arcwise
Last updated