Creating Protecto user and role

Execute the below commands in Snowflake using a role with sufficient privileges (preferably ACCOUNTADMIN)

1. Create a role "PROTECTO_ROLE" in Snowflake.

2. Create a warehouse "PROTECTO_WH".

3. Create a user "PROTECTO_USER" and assign to the above role.

Reference queries:

CREATE ROLE "PROTECTO_ROLE";

CREATE WAREHOUSE PROTECTO_WH WITH WAREHOUSE_SIZE = 'MEDIUM' WAREHOUSE_TYPE = 'STANDARD' AUTO_SUSPEND = 900 AUTO_RESUME = TRUE MIN_CLUSTER_COUNT = 1 MAX_CLUSTER_COUNT = 2 SCALING_POLICY = 'STANDARD';

GRANT USAGE ON WAREHOUSE "PROTECTO_WH" TO ROLE "PROTECTO_ROLE";

CREATE USER "PROTECTO_USER"

MUST_CHANGE_PASSWORD = FALSE

DEFAULT_ROLE = "PROTECTO_ROLE"

PASSWORD = "<password>";

GRANT ROLE "PROTECTO_ROLE" TO USER "PROTECTO_USER";

Granting access required in Snowflake

• Grant "SELECT" and "USAGE" privilege for all databases, schemas and tables for "PROTECTO_ROLE" role.

• Grant 'imported privileges' on database snowflake to read logs from the snowflake history.

Reference queries:

GRANT USAGE ON DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";

GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";

GRANT USAGE ON ALL SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";

GRANT SELECT ON FUTURE TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";

GRANT SELECT ON ALL TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";

Note: Above commands should be executed on all the databases created in the future on which Protecto should perform analysis

Grant "IMPORTED PRIVILEGES" on database snowflake to "PROTECTO_ROLE";

Details required for the next step:

• Warehouse name

• Account name

• Role

• Username

• Password