# Create and grant access to Protecto

## **Creating Protecto user and role**

Execute the below commands in Snowflake using a role with sufficient privileges (preferably ACCOUNTADMIN)

1. Create a role "PROTECTO\_ROLE" in Snowflake.
2. Create a warehouse "PROTECTO\_WH".
3. Create a user "PROTECTO\_USER" and assign to the above role.

#### Reference queries:

CREATE ROLE "PROTECTO\_ROLE";

CREATE WAREHOUSE PROTECTO\_WH WITH WAREHOUSE\_SIZE = 'MEDIUM' WAREHOUSE\_TYPE = 'STANDARD' AUTO\_SUSPEND = 900 AUTO\_RESUME = TRUE MIN\_CLUSTER\_COUNT = 1 MAX\_CLUSTER\_COUNT = 2 SCALING\_POLICY = 'STANDARD';

GRANT USAGE ON WAREHOUSE "PROTECTO\_WH" TO ROLE "PROTECTO\_ROLE";

CREATE USER "PROTECTO\_USER"

 MUST\_CHANGE\_PASSWORD = FALSE

DEFAULT\_ROLE = "PROTECTO\_ROLE"

&#x20;PASSWORD = "\<password>";

GRANT ROLE "PROTECTO\_ROLE" TO USER "PROTECTO\_USER";

**Granting access required in Snowflake**

* Grant "SELECT" and "USAGE" privilege for all databases, schemas and tables for "PROTECTO\_ROLE" role.
* Grant 'imported privileges' on database snowflake to read logs from the snowflake history.

**Reference queries:**

GRANT USAGE ON DATABASE "\<database\_name>" TO ROLE "PROTECTO\_ROLE";

GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "\<database\_name>" TO ROLE "PROTECTO\_ROLE";

GRANT USAGE ON ALL SCHEMAS IN DATABASE "\<database\_name>" TO ROLE "PROTECTO\_ROLE";

GRANT SELECT ON FUTURE TABLES IN DATABASE "\<database\_name>" TO ROLE "PROTECTO\_ROLE";

GRANT SELECT ON ALL TABLES IN DATABASE "\<database\_name>" TO ROLE "PROTECTO\_ROLE";

**Note**: Above commands should be executed on all the databases created in the future on which Protecto should perform analysis

Grant "IMPORTED PRIVILEGES" on database snowflake to "PROTECTO\_ROLE";

**Details required for the next step:**

* Warehouse name
* Account name
* Role
* Username
* Password

&#x20;

&#x20;