Snowflake
Integrating Snowflake with Synq
This guide will show you how to securely connect Synq to your Snowflake instance. We need this information so we collect metadata about your tables.
To be able to finish this guide, you’ll need the following:
→ Access to modify your Snowflake configuration as account admin
⏱️ Estimated time to finish: 10 minutes.
Data we collect
For the automated data anomaly testing we collect the following:
- Number of rows in every table in a given dataset
- Timestamp of the last change of data in all tables in a given dataset
Synq accesses data via dedicated xsmall warehouse which helps you isolate our workload from the rest of your production data. We query data as a dedicated Synq user with a dedicated role to clearly define access level policies. Data is collected every 30 minutes.
Synq should be expected to consume $0.0003 (see warehouses overview) x 48 (every 30 minutes) x 10 (10s per check) = 0.14 credits per day.
Before you execute your scripts you will need several key variables:
warehouse_name
that is the name of the warehouse you will create for Synq (e.g.SYNQ_WH
)database_name
as an identifier of database (or multiple) you want to monitor
The following setup does several separate steps:
- It creates dedicated
username
androle
for Synq - It creates
xsmall
data warehouse that we can use to query your metadata - Grant necessary privileges to Synq user/role so we can pull query history and monitor the target database
Setup a user and warehouse
As a super user, execute the following SQL commands to create a read-only role, a user assigned to that role, and a warehouse for that role.
We recommend that you create user name and a warehouse dedicated to Synq.
Password authentication
In the code, remember to replace:
<user_password>
with a password<warehouse_name>
with the name you want your Synq’s warehouse to have
Key-pair authentication
In the code, remember to replace:
<rsa_public_key>
with a key generated by SYNQ<warehouse_name>
with the name you want your Synq’s warehouse to have
Grant access to monitored database
We recommend setting access on Schema level, as long as it is aligned with your permissions management strategy.
Applying schema level future grants in a Snowflake account where there are only database future grants can break existing roles! From Snowflake’s docs:
“When future grants are defined at both the database and schema level, the schema level grants take precedence over the database level grants, and the database level grants are ignored. An important point to note here is that as long as there is a SCHEMA level future grants, ALL DATABASE levels will be ignored, even for the roles that are NOT defined in the SCHEMA level future grants.”
If you use schema grants follow Option 1, if you use database grants follow Option 2.
Option 1 (Recommended): Grant access to all schemas
The following stored procedure iterates through each schema in a given database, then grants access to each table in a given schema. This stored procedure should be run as follows each time a new schema is created. This script should be run in the same Worksheet as 1. Setup user and warehouse
Replace <database_name>
with the name of your database.
Option 2: Grant access to a database
This script should be run in the same Worksheet as 1. Setup user and warehouse
Replace <database_name>
with the name of your database.
Once you’ve run successfully created the warehouse, database, and Synq role, input the following data in Synq
Input data in the Synq UI
Integration name
For example, snowflake
Account name
You can find it under Admin
> Accounts
when you highlight the link icon (🔗).
Database
The name of the database you created earlier in the guide
Role, username, and password
The role name, username, and password you created for the Synq role earlier in the guide
Warehouse
The name of the warehouse you created earlier in the guide