Snowflake

1. Create Role

Login to your Snowflake account and switch role to ACCOUNTADMIN.

Click on Account tab.
Go to Roles tab and click on Create icon.
Create a Role by entering a Name and selecting Parent Role, then click Finish.

2. Create User

Go to Users tab and click on Create icon.
In General section enter User Name and Password details. ZILLAREADERUSER is an example, you can choose any name you want. Note down the User Name for later steps. Click Next.
In Advanced section fill in the details, see Note below.

Note: Login Name should be the User Name provided in the General section, Email should be an email address from your organization, zillareaderuser@example.com is just an example. Click Next.
In Preferences section, select the role created in “1. Create Role” section above as Default Role and click Finish.

3. Create Key Pair Authentication for the User

a. Generate the Private Key

To generate an unencrypted version, use the following command:

$ openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

To generate an encrypted version, use the following command (which omits “-nocrypt”):

$ openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8

b. Generate a Public Key

$ openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

c. Store the Private and Public Keys Securely: Store these sensitive keys securely so that no one can access them.

d. Assign the Public Key to the Snowflake User (e.g., ZILLAREADERUSER) created in “2. Create User” section above, with the following SQL query:

// Execute this query to enable admin privilege so that we can modify user
USE ROLE ACCOUNTADMIN;

Execute the following query substituting user created in “2. Create User” section above for ZILLAREADERUSER and the public key, see Note below:

// Make change to user to associate RSApublic key
ALTER USER ZILLAREADERUSER SET RSA_PUBLIC_KEY='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC........;

Note: To print the contents of the public key type $ cat rsa_key.pub on the terminal. The public key assigned is without the beginning and end part of it, i.e., -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- respectively.

4. Give the Warehouse Grant Privileges to Role (`ZILLAREADERROLE`)

Navigate to the Warehouses tab and Select your Warehouse. Click on Grant Privileges.

Enter the Privileges to grant as USAGE and Grant privileges to role (ZILLAREADERROLE). Click Grant.

5. Give the DATABASE Grant Privileges to Role (`ZILLAREADERROLE`)

Navigate to the Worksheets tab. Write the following query on a worksheet. To summarize, this SQL statement creates a new database that contains views that pull from the primary Snowflake Database. The role and user are only granted access to these views in the new database. Substitute ZILLAREADERUSER with the User Name created in “2. Create User” section.

use role ACCOUNTADMIN;

use warehouse ZILLA;

create database ZILLA_SNOWFLAKE_USAGE;

create schema ZILLA_SNOWFLAKE_USAGE.ACCOUNT_USAGE;



create view ZILLA_SNOWFLAKE_USAGE.ACCOUNT_USAGE.USERS 
    as select USER_ID,NAME,CREATED_ON,DELETED_ON,LOGIN_NAME,DISPLAY_NAME,FIRST_NAME,LAST_NAME,EMAIL,MUST_CHANGE_PASSWORD,HAS_PASSWORD,COMMENT,DISABLED,SNOWFLAKE_LOCK,DEFAULT_WAREHOUSE,DEFAULT_NAMESPACE,DEFAULT_ROLE,EXT_AUTHN_DUO,EXT_AUTHN_UID,BYPASS_MFA_UNTIL,LAST_SUCCESS_LOGIN,EXPIRES_AT,LOCKED_UNTIL_TIME,HAS_RSA_PUBLIC_KEY,PASSWORD_LAST_SET_TIME,OWNER,DEFAULT_SECONDARY_ROLE from SNOWFLAKE.ACCOUNT_USAGE.USERS;

create view ZILLA_SNOWFLAKE_USAGE.ACCOUNT_USAGE.GRANTS_TO_USERS 
    as select CREATED_ON,DELETED_ON,"ROLE",GRANTED_TO,GRANTEE_NAME,GRANTED_BY from SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS;
    

grant usage on warehouse ZILLA to role ZILLAREADERROLE;
grant usage on database ZILLA_SNOWFLAKE_USAGE to role ZILLAREADERROLE;
grant usage on schema ZILLA_SNOWFLAKE_USAGE.ACCOUNT_USAGE to role ZILLAREADERROLE;    


grant select on view ZILLA_SNOWFLAKE_USAGE.ACCOUNT_USAGE.USERS to role ZILLAREADERROLE;
grant select on view ZILLA_SNOWFLAKE_USAGE.ACCOUNT_USAGE.GRANTS_TO_USERS to role ZILLAREADERROLE;

grant role ZILLAREADERROLE to user ZILLAREADERUSER;

Set up Snowflake Application Integration on Zilla:

Visit the Zilla application and login using your admin credentials and then click Add Application in the top right.

A window with a search bar appears, type in snowflake in the search bar. Snowflake application entry will appear at the top of the list, click Add to Applications button to the right.

Fill in the form with appropriate details and then click Add to Applications button.

A detailed view of Snowflake application appears. Click Sync now or the gear icon in top right corner to configure your application.

Enable API Integration option from the dialog.

Add the configuration details, check the information below this screenshot.
Here fill in the details as follows,
- RSA Private Key: The PVT RSA key generated in section “3. Create Key Pair Authentication for the User” above. You can print the key on the terminal using $cat rsa_key.p8 command. Note that key shall be copied with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- otherwise app will throw an error. Paste the key in the input box.
- RSA Private Key Passphrase: If you created an encrypted RSA PVT key then a passphrase to decrypt the key shall be provided here. If you have not created an encrypted key using -nocrypt flag, leave this blank.
- Snowflake Account Id: If your snowflake URL is https://unaXXXXX.us-east-1.snowflakecomputing.com/ then unaXXXXX.us-east-1 is your account id.
- Account Username: In our case, it’s ZILLAREADERUSER. If you have chosen a custom name above, provide that name.
- Warehouse name: Name of the warehouse which has the SNOWFLAKE database & ACCOUNT_USAGE schema. Use show warehouses; command to see available warehouses in your account.
Click Next/Sync Now after filling in the config details