This article covers:

1. How to set up a connection to a Snowflake database
2. How to add datasets
3. How to do connection overrides on a Snowflake connection
4. The supported Snowflake data types and the respective Luzmo data type they are mapped to

1. How to setup a Snowflake connection

To make a connection to Snowflake, navigate to the Connections page, select New Connection, then select Snowflake from the New Connection modal. You'll be able to provide the following properties:

• Host: provided as either:
  • Your Snowflake account (without the .snowflakecomputing.com suffix). This should have the format eg. TO12345.eu-west-1 or TO12345.us-east-2.aws on AWS or TO12345.west-europe.azure on Azure. See the Snowflake documentation for the full list.
  • A full URL the Snowflake connector will connect to. This can be used to use a Snowflake proxy or Snowflake API-compatible product.
• Username: username of the service user. We advise to create a separate read-only technical user for connecting Luzmo to your Snowflake databases (see e.g. query below). The user should have Default Warehouse set, eg. via the Snowflake UI.
• Warehouse (optional): the Snowflake Warehouse to use for querying data. If not specified, the default warehouse of the service user will be used.
• Role (optional): the Snowflake user Role to use for querying data. If not specified, the default role of the service user will be used.

The Snowflake connector supports 2 authentication modes:

1. Key-pair: (Recommended, see Snowflake guide on setting up key-pair auth)
   • Password: if you used a passphrase to protect your private key, enter it in the Password field.
   • Private key: copy the private key you used to setup key-pair authentication on the service user. This should be an RFC 7468-formatted PEM, ie. including the "encapsulation boundaries", like:

-----BEGIN ENCRYPTED PRIVATE KEY-----
base64 key material
-----END ENCRYPTED PRIVATE KEY-----

2. Username/password: (Legacy)
   • Password: the password of the Snowflake user

Please refer to the examples in our developer documentation to find out how to create a connection to Snowflake using our API.

Notes: If you use Network Policies within Snowflake, you should whitelist Luzmo's range of IP addresses as described here You'll find more information how to do this in the Snowflake user manual: Modifying a Network Policy.

Read-only user

You can create a read-only technical user in Snowflake by running the following query (while replacing references):

    -- ACCOUNTADMIN role is necessary for initial user creation setup
    USE role ACCOUNTADMIN;

    -- Create Luzmo role
    CREATE role IF NOT EXISTS <ROLE NAME>;
    -- Grant Luzmo role to SYSADMIN role (to modify Luzmo role)
    GRANT role <ROLE NAME> TO role SYSADMIN;
       
    -- Create a user for Luzmo
    CREATE user IF NOT EXISTS "<USERNAME>" -- <USERNAME> used to create Snowflake connection in Luzmo
      -- See https://docs.snowflake.com/en/user-guide/key-pair-auth
      rsa_public_key = 'MIIBIjANBgkqh...'; -- [✔ Recommended key-pair authentication] Assign public key to user <USERNAME>
      -- password = '<PASSWORD>';          -- [⚠ Legacy, see above] <PASSWORD> could be used to create Snowflake connection in Luzmo

    -- Grant Luzmo user acces to Luzmo role
    GRANT role <ROLE NAME> TO user "<USERNAME>";

    -- Change Luzmo user to set default role and warehouse
    ALTER user "<USERNAME>"
      SET default_role = <ROLE NAME>
      default_warehouse = <WAREHOUSE>; 
     
    USE role SYSADMIN; 
    -- Create warehouse if not exists 
    -- (you can also skip this and create the warehouse in the Snowflake UI, or use your current warehouse)
    CREATE warehouse IF NOT EXISTS <WAREHOUSE>
      -- Alter these according to your needs
      warehouse_size = medium
      warehouse_type = standard
      auto_suspend = 1800
      auto_resume = true
      initially_suspended = true;
     
    -- Make sure to use the role that has granting permissions for the warehouse, databases, schemas and tables
    -- USE role ACCOUNTADMIN; 

     -- Grant usage and resuming of warehouse to your Luzmo role
    GRANT USAGE, OPERATE ON warehouse <WAREHOUSE> TO role <ROLE NAME>;
     
    -- Grant read-only database access on your database
    -- (do this for all databases and schemas that you'd like to expose to Luzmo)
    GRANT USAGE ON database <DATABASE> TO role <ROLE NAME>;
    -- or, grant read-only database access on shared or imported databases 
    -- GRANT IMPORTED PRIVILEGES ON database <DATABASE> TO role <ROLE NAME>;

    -- Grant read-only access on a schema in your database
    GRANT USAGE ON schema <DATABASE>.<SCHEMA> TO role <ROLE NAME>;

    -- Grant read-only access to all tables in schemas
    GRANT SELECT ON ALL tables IN schema <DATABASE>.<SCHEMA> to role <ROLE NAME>;

You can further customize this query (e.g. only granting access to certain tables), Refer to the SQL Command Reference of Snowflake itself for more information.

2. How to add datasets

Once you have connected your Snowflake you can add datasets as explained here.

1. You can select one or multiple datasets as available in your Snowflake and link them in Luzmo to ensure they can be used together in a dashboard.
2. You can also add SQL datasets by switching to the SQL tab in the dataset creation modal. While creating or editing a SQL dataset, you can parameterize anything within the query by specifying {{metadata.< parameter name >|< default value >}}. Find out more about parameterized SQL Datasets.

Also make sure to check out this article on Preparing your data for analytics.

To find out how to add datasets using our API, please refer to the examples in our developer documentation.

3. Snowflake Connection Overrides

When generating an Authorization token to grant a user acces to your embedded dashboards it is possible to override the data source properties in the authorization request to dynamically use different properties. Find out more about connection overrides.

The fields available for overriding a Snowflake connection are as follows:

• Connection ID: The ID of the Connection to be overridden. Retrieve the ID to specify as detailed here.
• host: The new account name of your Snowflake account to connect to.
• key: The username of the Snowflake user.
• private_key: The private key of the Snowflake user, in case key-pair auth is used (recommended!).
• token: The passphrase used for the private key, in case key-pair auth is used (recommended!), or the password of the Snowflake user, in case username/password auth is used (legacy).
• warehouse: The new Snowflake warehouse to use to query data.
• role: The new Snowflake user Role to use to query data.
• datasets: List of dataset-level overrides. Useful if you want to override only a single dataset in your dashboard or if you have a separate table per client. The SQL query of the dataset can also be overridden if it's a SQL dataset within Luzmo.
  • schema: the new database to query.
  • table: The new snowflake table to query. The table is a concatenation of the schema and table like this <new_schema_name>.<table_name>.
  • SQL: The new SQL query to run (only for SQL datasets). Alternatively, you could also use parameterized SQL Datasets.

Our developer documentation has more info about connection overrides and an examples of Snowflake connection overrides.

Example code demonstrating how to override a Snowflake connection:

POST https://api.luzmo.com/0.1.0/authorization
{
"action":"create",
"version":"0.1.0",
"key": "< your API key >",
"token": "< your API token >",
"properties":{
  "type": "embed",
  ...,
  "account_overrides": { 
    "<your connection_id>": {
      "properties": {
        "host": "<New account name of your Snowflake account to connect to>",
        "key": "<New username of Snowflake user>",
        "private_key": "<New private key, in case key-pair auth is used>",
        "token": "<Passphrase used to protect private key, in case key-pair auth is used, or new password of Snowflake user>",
        "warehouse": "<New Snowflake Warehouse to use to query data>",
        "role": "<New Snowflake user Role to use to query data>"
      }
    }
  }
}
}

Example code demonstrating override the table for a single Snowflake dataset:

POST https://api.luzmo.com/0.1.0/authorization
{
"action":"create",
"version":"0.1.0",
"key": "< your API key >",
"token": "< your API token >",
"properties":{
  "type": "embed",
  ...,
  "account_overrides": { 
    "<your connection_id>": {
      "datasets": {
        "<dataset_id>": {
          "table": "<new_schema_name>.<table_name>"
        }
      }
    }
  }
}
}

4. Supported Data Types