Snowflake

Setting up a Snowflake user for Canvas

Canvas requires a few fields in order to connect with your Snowflake instance:

  1. Account ID

  2. Username and Password

  3. Database

  4. Warehouse

Account ID

Every Snowflake account has a unique Account Identifier assigned to it. This is in the URL you use to access Snowflake. You can simply paste in the entire URL during the onboarding, for example:

https://wsp61726.snowflakecomputing.com/console/login#/

Note that this URL sometimes includes a service name and region, such as:

https://aws.us-east-1.wsp61726.snowflakecomputing.com/console/login#/ In this case your Snowflake account ID would include the provider and region and would be wsp61726.us-east-1.aws.

Username and Password

In order to display your data Canvas requires a user with usage grants on any databases and schemas you want to access and select grants on any tables and views you want to access. Following the principle of least privilege, we recommend creating a user for Canvas with the minimum set of permission necessary.

We recommend the following commands for creating this user:

-- change role to ACCOUNTADMIN
use role ACCOUNTADMIN;

-- create role for Canvas
create role if not exists canvas_role;
grant role canvas_role to role SYSADMIN;

-- create a user for Canvas
create user if not exists canvas_user
    password = '<password>';
grant role canvas_role to user canvas_user;
alter user canvas_user
set default_role = canvas_role;

-- change role to SSYADMIN
use role SYSADMIN;

grant usage on database <database> to role canvas_role;
grant usage on schema <database>.<schema> to role canvas_role;

-- grant select on all tables as well as all future tables
grant select on all views in schema <database>.<schema> to role canvas_role;
grant select on future views in schema <database>.<schema> to role canvas_role;
grant select on all tables in schema <database>.<schema> to role canvas_role;
grant select on future tables in schema <database>.<schema> to role canvas_role;
-- OR to grant on entire database
grant select on all tables in database <database> to role canvas_role;
grant select on future tables in database <database> to role canvas_role;
grant select on all views in database <database> to role canvas_role;
grant select on future views in database <database> to role canvas_role;

Additionally, if your Snowflake instance has a network access policy you will need to whitelist the following IP addresses for this user:

  • 44.224.89.3

  • 35.80.194.138

  • 44.241.79.133

Once you've entered the above fields and Canvas has confirmed that your credentials work, you will be able to select the database and warehouse that Canvas should use.

Database

Select the database that you'd like to work with in Canvas. Note that you will need to grant the privileges listed above in order for the user to access the table.

Warehouse

Select the warehouse that Canvas should use to run its queries. This can be useful to track how much usage Canvas is incurring on your instance. Note that you will need to grant the user above the USAGE privilege on this warehouse, IE:

GRANT USAGE ON WAREHOUSE CANVAS_WAREHOUSE TO ROLE CANVAS_ROLE;
PreviousData WarehousesNextRedshift

Last updated