Snowflake

User

Every Base user has 1 snowflake username: ICA_U_<id>

User/Project-Bundle

For each user/project-bundle combination a role is created: ICA_UR_<id>_<name project/bundle>__<id>

This role receives the viewer or contributor role of the project/bundle, depending on their permissions in ICA.

Roles

Every project or bundle has a dedicated Snowflake database.

For each database, 2 roles are created:

<project/bundle name>_<id>_VIEWER
<project/bundle name>_<id>_CONTRIBUTOR

Project viewer role

This role receives

REFERENCE and SELECT rights on the tables/views within the project's PUBLIC schema.
Grants on the viewer roles of the bundles linked to the project.

Project contributor role

This role receives the following rights on current an future objects in the project's/bundle database in the PUBLIC schema:

ownership
select, insert, update, delete, truncate and references on tables/views/materialized views
usage on sequences/functions/procedures/file formats
write, read and usage on stages
select on streams
monitor and operate on tasks

It also receives grant on the viewer role of the project.

Warehouses

For each project (not bundle!) 2 warehouses are created, whose size can be changed ICA at projects > your_project > project settings > details.

<projectname>_<id>_QUERY
<projectname>_<id>_LOAD

Using Load instead of Query warehouse

When you generates an oauth token, ICA always uses the QUERY warehouse by default (see bold part below):

snowsql -a iap.us-east-1 -u ICA_U_277853 --authenticator=oauth -r ICA_UR_274853_603465_264891 -d atestbase2_264891 -s PUBLIC -w ATESTBASE2_264891_QUERY --token=<token>

If you wish to use the LOAD warehouse in a session, you have 2 options :

Change the name in the connect string : snowsql -a iapdev.us-east-1 -u ICA_U_277853 --authenticator=oauth -r ICA_UR_277853_603465_264891 -d atestbase2_264891 -s PUBLIC -w ATESTBASE2_264891_LOAD ``--token=<token>
Execute the following statement after logging in : “use warehouse ATESTBASE2_264891_LOAD”

To determine which warehouse you are using, execute : select current_warehouse();

PreviousSchedule NextBench

Last updated 5 months ago

Was this helpful?

Roles

Every project or bundle has a dedicated Snowflake database.

For each database, 2 roles are created:

<project/bundle name>_<id>_VIEWER

<project/bundle name>_<id>_CONTRIBUTOR

Project viewer role

This role receives

REFERENCE and SELECT rights on the tables/views within the project's PUBLIC schema.

Grants on the viewer roles of the bundles linked to the project.

Project contributor role

This role receives the following rights on current an future objects in the project's/bundle database in the PUBLIC schema:

ownership

select, insert, update, delete, truncate and references on tables/views/materialized views

usage on sequences/functions/procedures/file formats

write, read and usage on stages

select on streams

monitor and operate on tasks