Preparing to run the Snowflake collector
Setting up pre-requisites for running the collector
Make sure that the machine from where you are running the collector meets the following hardware and software requirements.
Item | Requirement |
---|---|
Hardware | |
RAM | 8 GB |
CPU | 2 Ghz processor |
Software | |
Docker | Click here to get Docker. |
Java Runtime Environment | OpenJDK 17 is supported and available here. |
data.world specific objects | |
Dataset | You must have a ddw-catalogs (or other) dataset set up to hold your catalog files when you are done running the collector. |
Setting up authentication for cataloging Snowflake
The collector supports the following authentication methods:
Username and password authentication. For details, see the Snowflake documentation.
Username and Key pair authentication. For details, see the Snowflake documentation.
We recommend you create a dedicated Snowflake user for running the collector. You will need specific permissions to create this new user.
You need at least USERADMIN or higher permissions to create a new user. See the Snowflake user creation documentation. If you plan to modify the settings of an existing user, you will need OWN permissions to make such updates. See the Snowflake Admin User Management documentation
Additionally, to create key pair authentication for this user, you need a minimum of SECURITYADMIN to alter the user settings. See the Snowflake documentation.
To set permissions:
In the following query, replace <warehouse_name>, <database_name>, and <password>
Note
The following query grants permissions for all Snowflake schemas, tables, external tables, and views to the DDW_ACCOUNT_ROLE. The scope of the grant statements can be modified to grant permissions to specified objects which would limit the metadata cataloged from Snowflake.
create or replace role DDW_ACCOUNT_ROLE; grant operate, usage on warehouse <warehouse_name> to role DDW_ACCOUNT_ROLE; grant usage on database <database_name> to role DDW_ACCOUNT_ROLE; grant usage on all schemas IN DATABASE <database_name> to role DDW_ACCOUNT_ROLE; grant select on all tables IN DATABASE <database_name> to role DDW_ACCOUNT_ROLE; grant select on all external tables IN DATABASE <database_name> to role DDW_ACCOUNT_ROLE; grant select on all views IN DATABASE <database_name> to role DDW_ACCOUNT_ROLE; GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<database name>" TO ROLE DDW_ACCOUNT_ROLE; GRANT SELECT ON FUTURE TABLES IN DATABASE "<database name>" TO ROLE DDW_ACCOUNT_ROLE; create user DDW_ACCOUNT password='<password>' default_role = DDW_ACCOUNT_ROLE default_warehouse = '<warehouse_name>' display_name = 'data.world'; grant role DDW_ACCOUNT_ROLE to user DDW_ACCOUNT; // These permissions are required to harvest table usage, Object Dependency based lineage, // functions and stored procedures, tags, row access policies, and masking policies use role ACCOUNTADMIN; grant imported privileges on database snowflake to role DDW_ACCOUNT_ROLE; // You can check the grants on the user with this SHOW GRANTS TO ROLE DDW_ACCOUNT_ROLE;
Run all the queries.
Test the collector using the DDW_ACCOUNT user and the password you filled in.