Run the following script as a user role that has the permissions to create a user, role, and warehouse (such as the sysadmin or securityadmin roles).
Create roles, users and permissions within Snowflake
Copy
Ask AI
begin;-- create variables for user / password / role / warehouse / database (needs to be uppercase for objects)set role_name = 'REFUEL_ROLE';set user_name = 'REFUEL_USER';set user_password = '<your-password>';set warehouse_name = 'REFUEL_WAREHOUSE';set database_name = 'REFUEL_DATABASE';-- change role to securityadmin for user / role stepsuse role securityadmin;-- create role for refuelcreate role if not exists identifier($role_name);grant role identifier($role_name) to role SYSADMIN;-- create a user for refuelcreate user if not exists identifier($user_name)password = $user_passworddefault_role = $role_namedefault_warehouse = $warehouse_name;grant role identifier($role_name) to user identifier($user_name);-- set binary_input_format to BASE64alter user identifier($user_name) set binary_input_format = 'BASE64';-- change role to sysadmin for warehouse / database stepsuse role sysadmin;-- create a warehouse for refuelcreate warehouse if not exists identifier($warehouse_name)warehouse_size = xsmallwarehouse_type = standardauto_suspend = 60auto_resume = trueinitially_suspended = true;-- create database for refuelcreate database if not exists identifier($database_name);-- grant refuel role access to warehousegrant usageon warehouse identifier($warehouse_name)to role identifier($role_name);-- grant refuel access to databasegrant create schema, monitor, usageon database identifier($database_name)to role identifier($role_name);-- grant refuel read access to all tables and views in databasegrant usageon all schemas in database identifier($database_name)to role identifier($role_name);grant selecton all tables in database identifier($database_name)to role identifier($role_name);grant selecton all views in database identifier($database_name)to role identifier($role_name);-- if you want to limit access to specific schemas, you can use the following commands-- grant USAGE on SCHEMA identifier($database_name).schema_name to role identifier($role_name);-- grant SELECT on ALL TABLES in SCHEMA identifier($database_name).schema_name to role identifier($role_name);-- grant SELECT on ALL VIEWS in SCHEMA identifier($database_name).schema_name to role identifier($role_name);-- change role to ACCOUNTADMIN for STORAGE INTEGRATION support (only needed for Snowflake on GCP)use role ACCOUNTADMIN;grant CREATE INTEGRATION on account to role identifier($role_name);use role sysadmin; commit;
If you want a more secure way for Refuel to communicate with Snowflake, you can enable Key Pair Authentication.For that, follow the steps here. The only change to the list of steps we recommend is to use the AES256 algorithm instead of DES3 (faster and more secure). The complete command to generate the private key is
Step 3: Setup Snowflake integration in Refuel Cloud
In order to setup the Snowflake integration, navigate to Integrations within Refuel Cloud Settings, select Snowflake, and fill in the following fields: