Snowflake

Suggest Edits

Create read-only user

Create a dedicated Teleskope user with a default warehouse set.
For each snowflake warehouse and database, grant the Teleskope user read only access.

Teleskope also needs read access to the accounts_usage schemas to determine when a data asset was last used.

use role ACCOUNTADMIN;

set role =teleskope_role;
set user =teleskope;
set password ='{password}';

create role if not exists identifier($role);

set warehouse ='{warehouse}';

--for each database
set database ='{database}';

grant usage on warehouse identifier($warehouse) to role identifier($role);
grant usage on database identifier($database) to role identifier($role);    
grant usage on all schemas in database identifier($database) to role identifier($role);
grant usage on future schemas in database identifier($database) to role identifier($role);
grant select on future tables in database identifier($database) to role identifier($role);
grant select on all tables in database identifier($database) to role identifier($role);                           
grant select on future views in database identifier($database) to role identifier($role);         
grant select on all views in database identifier($database) to role identifier($role); 
          
create user identifier($user) 
  password = $password
  default_warehouse = $warehouse
  default_role = $role
  comment ='Teleskope read only user';

grant role identifier($role) to user identifier($user);

Create read-write user

If enrolling in the dsr funcionality, create a dedicated read/write Teleskope user.

For each snowflake warehouse and database, grant the Teleskope user access.

use role ACCOUNTADMIN;

set role ='teleskope_role';
set user ='teleskope';
set password ='{password}';

create role if not exists identifier($role);

set warehouse ='{warehouse}';

-- for database

set database ='{database}';

grant usage on warehouse identifier($warehouse) to role identifier($role);
grant usage on database identifier($database) to role identifier($role);    
grant usage on all schemas in database identifier($database) to role identifier($role);
grant usage on future schemas in database identifier($database) to role identifier($role);
grant select, delete on future tables in database identifier($database) to role identifier($role);
grant select, delete on all tables in database identifier($database) to role identifier($role);                           
grant select, delete on future views in database identifier($database) to role identifier($role);         
grant select, delete  on all views in database identifier($database) to role identifier($role); 
          
create user identifier($user) 
  password = $password
  default_warehouse = $warehouse
  default_role = $role
  comment ='Teleskope read only user';

grant role identifier($role) to user identifier($user);

Enrollment

To enroll your Snowflake instance:

  1. Navigate to settings-> Connector Settings -> Snowflake -> + Enroll New Account
  2. Enter your account information and click Next
  3. Choose your Authentication Type.
  4. Enter your user credentials or keypair and click Enroll

Updated about 16 hours ago