Snowflake
Last updated
Last updated
You'll need privileges to create users and roles, manage grants, and create databases, shemata, and procedures. You can gain these privileges via the ACCOUNTADMIN role.
Navigate to "Integrations" on , then select "Snowflake". Select "IAM management" from the list of available components:
Click "Add Account":
Enter your Snowflake account identifier, then click "Next":
You'll see a list of SQL commands to run on your Snowflake account. Create a worksheet in the account, run this SQL in the worksheet, then click "Next":
Choose a default warehouse for generated roles. When P0 creates a role, it will grant access to run queries on this warehouse. You can leave this blank, but users will need to manually specify a warehouse for each request.
Choose how users are provisioned in the account:
If users are manually provisioned, and their email address appears in the user object's EMAIL column, choose "Manually, with email in EMAIL".
If users are manually provisioned, and their email address appears in the user object's LOGIN_NAME column, choose "Manually, with email in LOGIN_NAME".
If users are provisioned via SCIM, choose the "By SCIM via membership in ..." option corresponding to the directory group that is used to provision users. When choosing this option, P0 will dynamically provision users in Snowflake as access is needed, and remove them when they no longer need access.
SCIM provisioning only works with the Okta directory.
That's it. You're ready to make least-privileged, just-in-time requests with Snowflake using p0!
Select your desired configuration options and then click "Finish" to complete the installation. See below for more information about these settings:
