Before ingesting Snowflake metadata into Dawiso, prepare your account for authentication by configuring an Snowflake user and granting it the necessary permissions.
Dawiso queries INFORMATION_SCHEMA views to retrieve metadata for your assets.
Create a role in Snowflake
Create a new role using these statements:
CREATE OR REPLACE ROLE dawiso_integration_role;
GRANT OPERATE ON WAREHOUSE "my_warehouse" TO ROLE dawiso_integration_role;
GRANT USAGE ON WAREHOUSE "my_warehouse" TO ROLE dawiso_integration_role;- Replace
my_warehousewith the name of the warehouse that will run ingestion queries executed by Dawiso.
USAGE permission is required for Dawiso to execute ingestion queries within your Snowflake account?
OPERATE permission is optional if you will Dawiso to be allowed to start the warehouse in case it is stopped.
Create a user
Create a new user with a password using this statement:
CREATE USER dawiso_integration_user PASSWORD='my_password'
DEFAULT_ROLE=dawiso_integration_role
DEFAULT_WAREHOUSE='my_warehouse'
DISPLAY_NAME='Dawiso Integration User'
TYPE='SERVICE';- Replace
my_passwordwith your password. - Replace
my_warehousewith the name of the warehouse that will run ingestion queries executed by Dawiso.
Grant role to user
Add the role created in the first step to your user:
GRANT ROLE dawiso_integration_role TO USER dawiso_integration_user;Grant permissions to INFORMATION_SCHEMA views
Use these statements to grant necessary permissions to INFORMATION_SCHEMA views for all object types scanned into Dawiso:
GRANT USAGE ON DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON ALL SCHEMAS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT MONITOR ON ALL DYNAMIC TABLES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON ALL FILE FORMATS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON ALL EXTERNAL TABLES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON ALL FUNCTIONS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON ALL MATERIALIZED VIEWS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT MONITOR ON PIPE "MYPIPE" TO ROLE dawiso_integration_role;
GRANT USAGE ON ALL PROCEDURES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON ALL SEQUENCES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT READ ON ALL STAGES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON ALL STAGES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT SELECT ON ALL STREAMS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT MONITOR ON ALL TASKS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON ALL TABLES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON ALL VIEWS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;- Replace
MY_DATABASEwith with your database name.
Please note, that permissions in the previous step allow Dawiso to scan only objects existing in the database at the time when permissions are granted.
To scan all objects created in the future as well, execute this additional set of statements:
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT MONITOR ON FUTURE DYNAMIC TABLES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON FUTURE FILE FORMATS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON FUTURE EXTERNAL TABLES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON FUTURE FUNCTIONS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON FUTURE MATERIALIZED VIEWS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT MONITOR ON FUTURE PIPES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON FUTURE PROCEDURES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON FUTURE SEQUENCES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT READ ON FUTURE STAGES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT USAGE ON FUTURE STAGES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT SELECT ON FUTURE STREAMS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT MONITOR ON FUTURE TASKS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON FUTURE TABLES IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;
GRANT REFERENCES ON FUTURE VIEWS IN DATABASE "MY_DATABASE" TO ROLE dawiso_integration_role;- Replace
MY_DATABASEwith with your database name.
Repeat this setup for each database you would like to see in Dawiso.
Grant permission to SNOWFLAKE.ACCOUNT_USAGE schema
Use this statement to grant necessary permissions to ACCOUNT_USAGE views to scan object dependencies into Dawiso:
GRANT DATABASE ROLE SNOWFLAKE.OBJECT_VIEWER TO ROLE dawiso_integration_role;Grant the ACCOUNTADMIN role to provide full access to metadata, which is essential for comprehensive scanning. As we are aware that this role grants extensive administrative access, we recommend either:
- Assigning it primarily to testing accounts, or
- Assigning it if you intend to use Dawiso Integration Runtime (DIR) for on-premises scanning. This role will allow metadata access without the need to share your highly privileged user credentials with Dawiso.
Limitations
By default, Dawiso metadata applications scan all objects in a database. This means that scanning only one or a few selected schemas is not possible.
For partial metadata scans, contact our Customer Success team for an individual solution.