Native Snowflake Installation
Audience: System Administrators
Content Summary: This page details how to install the Native Dynamic Snowflake access pattern. Immuta allows the user to connect multiple Snowflake instances in a single Immuta instance.
Add the Native Integration
- Click the App Settings icon in the left sidebar.
- Click Native Integrations in the left panel.
- Click the +Add Native Integration button and select Snowflake from the dropdown menu.
- Complete the Host, Port, and Default Warehouse fields.
- Opt to check the Enable Project Workspace box. This will allow for managed Write access within Snowflake.
You have two options for installing the Native Snowflake and Snowflake Workspace access patterns: automatic or manual setup.
- Select Automatic and enter your Username, Password, and Role.
Note: When performing an automated installation, the credentials provided must have the ability to both CREATE databases and CREATE, GRANT, REVOKE, and DELETE roles. In a typical Snowflake environment the only users with access to the necessary permissions are those who have the ACCOUNTADMIN role.
Best Practices: Account Creation
The account you create for Immuta should only be used for the native integration and should NOT be used as the credentials when creating data sources within Immuta. Using the same account for both will cause issues.
Create a dedicated READ-ONLY account for creating and registering data sources within Immuta. This account should also not be the account used to configure the native integration.
The specified role needs to have the following privileges: CREATE DATABASE ON ACCOUNT WITH GRANT OPTION, CREATE ROLE ON ACCOUNT WITH GRANT OPTION, CREATE USER ON ACCOUNT WITH GRANT OPTION, and MANAGE GRANTS ON ACCOUNT.
- Download and run the bootstrap script linked in the Setup section.
- Select Manual and enter the Username and Password for the Immuta System Account Credentials.
- If you enabled a Snowflake workspace, use the Warehouses dropdown menu to select the warehouses that will be available to project owners when creating native Snowflake workspaces. The menu lists all the warehouses available to the privileged account entered above. Note that any warehouse accessible by the PUBLIC role does not need to be explicitly added.
- Click Test Snowflake Connection.
- Once the credentials are successfully tested, click Save.
Now that Snowflake has been enabled, all future Snowflake data sources will also be created natively within the immuta database of the linked Snowflake instance. In addition to creating views, Immuta will also periodically sync user metadata to a system table within the Snowflake instance.
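
Added example (not Immuta's code): a Python check of the manual setup requirements above, run against rows shaped like Snowflake's SHOW GRANTS TO ROLE output. It reports which of the four listed account privileges a role is missing, lists anything it holds beyond them, and flags a login shared between the integration and data source registration. The sample rows and all role, user, and account names are constructed, and the case-insensitive user comparison assumes unquoted identifiers.

```python
# Added example: audit constructed SHOW GRANTS TO ROLE rows against the page's list.
# Privilege -> whether the page requires it WITH GRANT OPTION.
REQUIRED = {
    "CREATE DATABASE": True,
    "CREATE ROLE": True,
    "CREATE USER": True,
    "MANAGE GRANTS": False,
}

def audit_role(grant_rows):
    """Return (missing, extra) for rows shaped like SHOW GRANTS TO ROLE output."""
    held, extra = {}, []
    for row in grant_rows:
        priv = row["privilege"].upper()
        on = row["granted_on"].upper()
        with_grant = str(row["grant_option"]).lower() == "true"
        if on == "ACCOUNT" and priv in REQUIRED:
            held[priv] = held.get(priv, False) or with_grant
        else:
            # Anything beyond the four listed privileges (for example an
            # inherited admin role) is surfaced for review.
            extra.append(f"{priv} ON {on} {row['name']}")
    missing = []
    for priv, needs_grant in REQUIRED.items():
        if priv not in held:
            missing.append(f"{priv} ON ACCOUNT")
        elif needs_grant and not held[priv]:
            missing.append(f"{priv} ON ACCOUNT WITH GRANT OPTION")
    return missing, extra

def shares_account(integration_user, data_source_user):
    """True when one login serves both purposes, which the page warns against."""
    return integration_user.strip().upper() == data_source_user.strip().upper()

# Constructed sample rows; role, user and account names are hypothetical.
SAMPLE_ROWS = [
    {"privilege": "CREATE DATABASE", "granted_on": "ACCOUNT", "name": "EXAMPLE_ACCT", "grant_option": "true"},
    {"privilege": "CREATE ROLE", "granted_on": "ACCOUNT", "name": "EXAMPLE_ACCT", "grant_option": "false"},
    {"privilege": "CREATE USER", "granted_on": "ACCOUNT", "name": "EXAMPLE_ACCT", "grant_option": "true"},
    {"privilege": "USAGE", "granted_on": "ROLE", "name": "ACCOUNTADMIN", "grant_option": "false"},
]

if __name__ == "__main__":
    missing, extra = audit_role(SAMPLE_ROWS)
    print("missing:", missing)
    print("review:", extra)
    print("shared login:", shares_account("immuta_system", "IMMUTA_SYSTEM"))
```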