Snowflake

Euno's Snowflake integration supports auto-discovery of:

• Snowflake Views

• Usage information of applications using Snowflake, like Tableau

Setting up Snowflake integration

Required Snowflake Permissions

In order to integrate with Euno, create a custom role in Snowflake with the permissions listed below. In the code snippet below, we create a user euno_user, with password euno_password and a role euno_role.

Euno discovers Snowflake resources by issuing SQL queries on Snowflake's system database and information schema. The Snowflake role require the Snowflake USAGE grant on a Snowflake warehouse. In the code snippet below, we use the warehouse euno_dwh.

CREATE ROLE euno_role;
CREATE USER euno_user PASSWORD='euno_password' DEFAULT_ROLE='euno_role';
GRANT ROLE euno_role TO USER euno_user;
GRANT USAGE ON WAREHOUSE euno_dwh TO ROLE euno_role;
GRANT DATABASE ROLE SNOWFLAKE.OBJECT_VIEWER TO ROLE euno_role;
GRANT DATABASE ROLE SNOWFLAKE.GOVERNANCE_VIEWER TO ROLE euno_role;

In some environments, users may prefer to grant the Euno integration access to read the metadata of views defined in specific databases, rather than to all the databases in the Snowflake account. For more information, see Control which views metadata Euno has access to.

In some environments, users may prefer to limit the rows or columns in the Snowflake query history that Euno integration has access to. For more information, see Using a non-default query history view.

Setup Steps

To integrate a Snowflake account please follow the below steps:

Integration Configuration

Asterik (*) means a mandatory field.

Using a non-default query history view

By default, Euno uses the system view snowflake.account_usage.query_history to discover the query history.

You might prefer, for security reasons, to limit the rows or columns that Euno integration has access to.

In that case, you can manually create a Snowflake view to expose a subset of the query hisotry. In order for Euno to use this non-default Snowflake view, the following columns, available in snowflake.account_usage.query_history, must be exposed by the view:

• query_tag

• total_elapsed_time

• bytes_scanned

• start_time

• end_time

• query_type

Make sure you grant Euno permissions to SELECT on this view. Below is an example of creating such a view, and excluding records that were initiated by the user PRIVATE_USER

CREATE OR REPLACE VIEW user.public.query_history_for_euno AS (
  SELECT query_tag, total_elapsed_time, start_time, end_time, bytes_scanned, query_type
  FROM snowflake.account_usage.query_history
  WHERE user_name != 'PRIVATE_USER'
);

GRANT SELECT ON VIEW user.public.query_history_for_euno TO ROLE euno_role;

Control which views metadata Euno has access to

By default, the Euno integration uses the system view snowflake.account_usage.views to discover all Snowflake views defined in the snowflake account.

In some environments, users may prefer to grant the Euno integration access to read the metadata of views defined in specific databases, rather than to all the databases in the Snowflake account.

To set up Euno this way, follow these steps:

1. Grant the Snowflake role used by Euno access to the metadata of views defined in the needed database. For example, to grant the Snowflake role euno_role access to the metadata of views defined in the database example_database, execute:

GRANT USAGE ON DATABASE example_database TO ROLE euno_role;
GRANT USAGE ON ALL SCHEMAS IN DATABASE example_database TO ROLE euno_role;
GRANT REFERENCES ON ALL VIEWS IN DATABASE example_database TO ROLE euno_role;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE example_database TO ROLE euno_role;
GRANT REFERENCES ON FUTURE VIEWS IN DATABASE example_database TO ROLE euno_role;

1. Uncheck the box "Use Snowflake system database to query for Snowflake views" in the integration configuration.

Discovered Resources

The Euno-Snowflake integration discovers the following resources:

Snowflake views