Getting Started
Search
K
Comment on page

Create and grant access to Protecto

Creating Protecto user and role

Execute the below commands in Snowflake using a role with sufficient privileges (preferably ACCOUNTADMIN)
  1. 1.
    Create a role "PROTECTO_ROLE" in Snowflake.
  2. 2.
    Create a warehouse "PROTECTO_WH".
  3. 3.
    Create a user "PROTECTO_USER" and assign to the above role.

Reference queries:

CREATE ROLE "PROTECTO_ROLE";
CREATE WAREHOUSE PROTECTO_WH WITH WAREHOUSE_SIZE = 'MEDIUM' WAREHOUSE_TYPE = 'STANDARD' AUTO_SUSPEND = 900 AUTO_RESUME = TRUE MIN_CLUSTER_COUNT = 1 MAX_CLUSTER_COUNT = 2 SCALING_POLICY = 'STANDARD';
GRANT USAGE ON WAREHOUSE "PROTECTO_WH" TO ROLE "PROTECTO_ROLE";
CREATE USER "PROTECTO_USER"
MUST_CHANGE_PASSWORD = FALSE
DEFAULT_ROLE = "PROTECTO_ROLE"
PASSWORD = "<password>";
GRANT ROLE "PROTECTO_ROLE" TO USER "PROTECTO_USER";
Granting access required in Snowflake
  • Grant "SELECT" and "USAGE" privilege for all databases, schemas and tables for "PROTECTO_ROLE" role.
  • Grant 'imported privileges' on database snowflake to read logs from the snowflake history.
Reference queries:
GRANT USAGE ON DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT USAGE ON ALL SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT SELECT ON FUTURE TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT SELECT ON ALL TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
Note: Above commands should be executed on all the databases created in the future on which Protecto should perform analysis
Grant "IMPORTED PRIVILEGES" on database snowflake to "PROTECTO_ROLE";
Details required for the next step:
  • Warehouse name
  • Account name
  • Role
  • Username
  • Password