This creates a dedicated role and technical user. Replace example_wh with your preferred warehouse. XS is enough for most installations. It is ok to share this warehouse with other workloads to save costs. Set a secure password.
createrole dot_role;createuserdot_userpassword='<something secret>'-- remember that! default_warehouse = example_wh -- specify your warehouse default_role = dot_role;grantrole dot_role to user dot_user;--allow usage of your warehousegrant usage on warehouse example_wh torole dot_role;
Grants Read Access to Data
It is recommended to grant permissions only to schemas or tables your end-users should have access to. This is usually a schema with core or reporting tables.
-- gives access to all objects in a schema set db_name ='example_db'; -- specify name of database set schema_name ='example_schema'; -- specify name of schema set db_schema_name = $db_name ||'.'|| $schema_name; grant usage ondatabase identifier($db_name) torole dot_role; grant usage onschema identifier($db_schema_name) torole dot_role; grantselecton all tables inschema identifier($db_schema_name) torole dot_role; grantselecton future tables inschema identifier($db_schema_name) torole dot_role; grantselecton all views inschema identifier($db_schema_name) torole dot_role; grantselecton future views inschema identifier($db_schema_name) torole dot_role; grantselecton all materialized views inschema identifier($db_schema_name) torole dot_role; grantselecton future materialized views inschema identifier($db_schema_name) torole dot_role;
For shared databases the following statement is enough.
grant imported privileges ondatabase shared_external_db torole dot_role;
Grants Read Access to Account Information (optional)
Grant access to the query history from Snowflake.
grant imported privileges ondatabase snowflake torole dot_role;
Allow Dot IPs
If your organization uses a network policy to manage Snowflake access, Dot will only access your Snowflake through the following IPs:
