Decube
Search…
⌃K

Snowflake

Here is how to connect decube with Snowflake.
Connecting to decube is as easy as providing us with credentials to your Snowflake instance. We require the following credentials:
  • username
  • password
  • account_name
  • warehouse_name
  • role_name
Connect to Snowflake
The source name will be for you to differentiate and recognize particular sources within the decube application.

Prerequisite

To ensure a smooth experience configuring the connection.
  1. 1.
    The user decubeuser and role decuberole is created and given the proper privileges for monitoring.
  2. 2.
    Steps 4 or 5 below needs to be repeated for every database that needs to be monitored.

Account Name

Copy the account url and it should look like
https://<account_number>.<region>.snowflakecomputing.com.
Your account name will be the <account_number>.<region>

Configuring User, Role and Privileges

1. On a Snowflake worksheet, copy the commands below and modify as necessary. We have the user called decubeuser and role called decuberole
CREATE ROLE decuberole;
CREATE USER decubeuser DEFAULT_ROLE = "decuberole" MUST_CHANGE_PASSWORD = FALSE;
GRANT ROLE decuberole TO USER decubeuser;
GRANT MONITOR EXECUTION ON ACCOUNT TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE decuberole;
2. The source type for the database has to be known. To get this information, from Snowflake dashboard click on Data -> Databases. On the left panel, a list of Databases can be seen along with Source.
3. If Source if local, modify database_name, copy into a worksheet and run the commands.
SET database_name='change_me'
-- for datasets that are local
GRANT USAGE ON ALL SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON ALL TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON FUTURE TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON ALL VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON FUTURE VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON ALL MATERIALIZED VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON FUTURE MATERIALIZED VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
4. If Source is shared, modify database_name, copy into a worksheet and run the commands.
SET database_name='change_me'
-- for datasets that are shared
GRANT IMPORTED PRIVILEGES ON DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ON ALL SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT SELECT ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ON ALL SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ON FUTURE SCHEMAS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ALL TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES FUTURE TABLES IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ALL VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES FUTURE VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES ALL IN MATERIALIZED VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
GRANT IMPORTED PRIVILEGES FUTURE IN MATERIALIZED VIEWS IN DATABASE IDENTIFIER($database_name) TO ROLE decuberole;
5. Steps 4 or 5 needs to be repeated for every database that needs to be monitored.