Required permissions
This topic describes the permissions required for working with this endpoint.
Setting a custom role
When Replicate establishes an ODBC connection to Snowflake, it uses the default user role on Snowflake, which is SYSADMIN.
However, if your corporate security policy dictates that third-part applications should not have SYSADMIN privileges, it is possible to create a custom role with fewer privileges and use that instead.
This can be done by changing the default user role on Snowflake from SYSADMIN to the desired custom role.
This can be done using either of the following methods:
Required permissions
The required permissions differ according to whether or not the schema and/or the target tables already existed before the Replicate task started.
Tables created by Replicate
Permissions required if you want schemas that do not exist to be created automatically
- USAGE ON DATABASE
- CREATE SCHEMA ON DATABASE
Permissions required if the schema already exists
- USAGE ON DATABASE
- USAGE ON SCHEMA
- CREATE FILE FORMAT ON SCHEMA
- CREATE STAGE ON SCHEMA
- CREATE TABLE ON SCHEMA
Tables that existed before the Replicate task started
Although not recommended, if you wish data to be replicated to existing tables that were created by a user with a different role, the Snowflake user specified in the endpoint settings must have the following table privileges:
- SELECT
- INSERT
- UPDATE
- TRUNCATE
- DELETE
- REFERENCES
Google cloud storage
The JSON credentials that you need to specify in the Snowflake on Google target endpoint settings must be for an account that has read and write access to the specified bucket and folder.