Links
Comment on page

Snowflake

Installing P0 on Snowflake takes about five minutes.

Before you begin

You'll need privileges to create users and roles, manage grants, and create databases, shemata, and procedures. You can gain these privileges via the ACCOUNTADMIN role.

Setting up Snowflake

  1. 1.
    Navigate to "Integrations" on p0.app, then select "Snowflake":
  1. 2.
    Enter one or more Snowflake account identifiers, then hit enter, then click "Get setup SQL". You'll see a list of SQL commands to run on your Snowflake accounts:
  1. 3.
    Create a worksheet in each account, then run this SQL in each worksheet. Then click "Complete installation". You'll now be taken to the Snowflake integration configuration.

Configuring Snowflake

Configure each installed Snowflake account:
  1. 1.
    Choose a default warehouse for generated roles. When P0 creates a role, it will grant access to run queries on this warehouse. You can leave this blank, but users will need to manually specify a warehouse for each request.
  2. 2.
    Choose how users are provisioned in the account:
    1. 1.
      If users are manually provisioned, and their email address appears in the user object's EMAIL column, choose "Manually, with email in EMAIL".
    2. 2.
      If users are manually provisioned, and their email address appears in the user object's LOGIN_NAME column, choose "Manually, with email in LOGIN_NAME".
    3. 3.
      If users are provisioned via SCIM, choose the "By SCIM via membership in ..." option corresponding to the directory group that is used to provision users. When choosing this option, P0 will dynamically provision users in Snowflake as access is needed, and remove them when they no longer need access.
SCIM provisioning only works with the Okta directory.
That's it. You're ready to make least-privileged, just-in-time requests with Snowflake using p0!
Last modified 4mo ago