# Snowflake

### User

Every Base user has 1 snowflake username: ICA\_U\_\<id>

### User/Project-Bundle

For each user/project-bundle combination a role is created: ICA\_UR\_\<id>\_\<name project/bundle>\_\_\<id>

This role receives the viewer or contributor role of the project/bundle, depending on their permissions in ICA.

## Roles

Every project or bundle has a dedicated Snowflake database.

For each database, 2 roles are created:

* \<project/bundle name>\_\<id>\_VIEWER
* \<project/bundle name>\_\<id>\_CONTRIBUTOR

### Project viewer role

This role receives

* REFERENCE and SELECT rights on the tables/views within the project's PUBLIC schema.
* Grants on the viewer roles of the bundles linked to the project.

### Project contributor role

This role receives the following rights on current an future objects in the project's/bundle database in the PUBLIC schema:

* ownership
* select, insert, update, delete, truncate and references on tables/views/materialized views
* usage on sequences/functions/procedures/file formats
* write, read and usage on stages
* select on streams
* monitor and operate on tasks

It also receives grant on the viewer role of the project.

## Warehouses

For each project (not bundle!) 2 warehouses are created, whose size can be changed ICA at **projects > your\_project > project settings > details**.

* \<projectname>\_\<id>\_QUERY
* \<projectname>\_\<id>\_LOAD

<details>

<summary>Using Load instead of Query warehouse</summary>

When you generates an oauth token, ICA always uses the QUERY warehouse by default (see bold part below):

*snowsql -a iap.us-east-1 -u ICA\_U\_277853 --authenticator=oauth -r ICA\_UR\_274853\_603465\_264891 -d atestbase2\_264891 -s PUBLIC **-w ATESTBASE2\_264891\_QUERY** --token=\<token>*

If you wish to use the LOAD warehouse in a session, you have 2 options :

1. Change the name in the connect string : *`snowsql -a iapdev.us-east-1 -u ICA_U_277853 --authenticator=oauth -r ICA_UR_277853_603465_264891 -d atestbase2_264891 -s PUBLIC -w ATESTBASE2_264891_`**`LOAD`**` `` ``--token=<token> `*
2. Execute the following statement after logging in : “*`use warehouse ATESTBASE2_264891_LOAD`”*

To determine which warehouse you are using, execute : `select current_warehouse()`;

</details>

### Synchronizing Tables

if you have [created tables](https://docs.snowflake.com/en/sql-reference/sql/create-table) directly in Snowflake with the OAuth token, you can synchronize them to appear in ICA by means of the **Projects > your\_project > Base > Tables > Sync** button.