Create and grant access to Protecto
Creating Protecto user and role
Execute the below commands in Snowflake using a role with sufficient privileges (preferably ACCOUNTADMIN)
Create a role "PROTECTO_ROLE" in Snowflake.
Create a warehouse "PROTECTO_WH".
Create a user "PROTECTO_USER" and assign to the above role.
Reference queries:
CREATE ROLE "PROTECTO_ROLE";
CREATE WAREHOUSE PROTECTO_WH WITH WAREHOUSE_SIZE = 'MEDIUM' WAREHOUSE_TYPE = 'STANDARD' AUTO_SUSPEND = 900 AUTO_RESUME = TRUE MIN_CLUSTER_COUNT = 1 MAX_CLUSTER_COUNT = 2 SCALING_POLICY = 'STANDARD';
GRANT USAGE ON WAREHOUSE "PROTECTO_WH" TO ROLE "PROTECTO_ROLE";
CREATE USER "PROTECTO_USER"
MUST_CHANGE_PASSWORD = FALSE
DEFAULT_ROLE = "PROTECTO_ROLE"
PASSWORD = "<password>";
GRANT ROLE "PROTECTO_ROLE" TO USER "PROTECTO_USER";
Granting access required in Snowflake
Grant "SELECT" and "USAGE" privilege for all databases, schemas and tables for "PROTECTO_ROLE" role.
Grant 'imported privileges' on database snowflake to read logs from the snowflake history.
Reference queries:
GRANT USAGE ON DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT USAGE ON ALL SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT SELECT ON FUTURE TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT SELECT ON ALL TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
Note: Above commands should be executed on all the databases created in the future on which Protecto should perform analysis
Grant "IMPORTED PRIVILEGES" on database snowflake to "PROTECTO_ROLE";
Details required for the next step:
Warehouse name
Account name
Role
Username
Password
Last updated