
Connect Snowflake

Use this tested setup flow to connect Snowflake to Skoot.

Prerequisites

The Snowflake user running setup must have:

  • An existing Snowflake user for Skoot, or permissions to create roles/users and grant privileges
  • Access to ACCOUNTADMIN or SECURITYADMIN to create roles and users
  • Access to SYSADMIN (or equivalent) to grant warehouse and database privileges
  • Access to the databases and schemas you want to expose to Skoot
  • The Snowflake Account Identifier and Warehouse name where queries will run

If your organization separates responsibilities, a user with both SECURITYADMIN and SYSADMIN (or a custom role with equivalent grants) is sufficient.

Step 1 — Create the Role

CREATE ROLE skoot_readonly_role;

Step 2 — Grant Warehouse Access

Replace MY_WAREHOUSE with your warehouse name.
Skoot only needs USAGE (to run queries), not MODIFY or OPERATE.

GRANT USAGE ON WAREHOUSE MY_WAREHOUSE TO ROLE skoot_readonly_role;

Step 3 — Grant Database and Schema Access

Choose one scenario based on the access level you want to grant. In all scenarios, USAGE on database and schema is required so Skoot can list objects.

Scenario A: All schemas and tables under a database

GRANT USAGE ON DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT USAGE ON ALL SCHEMAS IN DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT SELECT ON ALL TABLES IN DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT SELECT ON ALL VIEWS IN DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT SELECT ON FUTURE TABLES IN DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT SELECT ON FUTURE VIEWS IN DATABASE MY_DATABASE TO ROLE skoot_readonly_role;

Scenario B: All tables under one schema

GRANT USAGE ON DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT USAGE ON SCHEMA MY_DATABASE.MY_SCHEMA TO ROLE skoot_readonly_role;
GRANT SELECT ON ALL TABLES IN SCHEMA MY_DATABASE.MY_SCHEMA TO ROLE skoot_readonly_role;
GRANT SELECT ON ALL VIEWS IN SCHEMA MY_DATABASE.MY_SCHEMA TO ROLE skoot_readonly_role;
GRANT SELECT ON FUTURE TABLES IN SCHEMA MY_DATABASE.MY_SCHEMA TO ROLE skoot_readonly_role;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA MY_DATABASE.MY_SCHEMA TO ROLE skoot_readonly_role;

Scenario C: Selective set of tables

GRANT USAGE ON DATABASE MY_DATABASE TO ROLE skoot_readonly_role;
GRANT USAGE ON SCHEMA MY_DATABASE.MY_SCHEMA TO ROLE skoot_readonly_role;
GRANT SELECT ON TABLE MY_DATABASE.MY_SCHEMA.MY_TABLE TO ROLE skoot_readonly_role;
GRANT SELECT ON TABLE MY_DATABASE.MY_SCHEMA.MY_OTHER_TABLE TO ROLE skoot_readonly_role;

Repeat the last GRANT SELECT ON TABLE ... line for each additional table.
Future grants are not applicable in this selective-access scenario.

Step 4 — Create the User

Replace replace_with_strong_password with a strong password and store it securely before running.

CREATE USER skoot_readonly_user
  PASSWORD = 'replace_with_strong_password'
  DEFAULT_ROLE = skoot_readonly_role
  DEFAULT_WAREHOUSE = MY_WAREHOUSE
  MUST_CHANGE_PASSWORD = FALSE
  COMMENT = 'Read-only user for Skoot data agent';

GRANT ROLE skoot_readonly_role TO USER skoot_readonly_user;

Step 5 — Optional: IP Whitelisting (Network Policy)

This step is optional. Use it only if your Snowflake setup requires IP allowlisting.

The Skoot public egress IP is available at Data Sources.
Replace SKOOT_PUBLIC_IP below with the actual IP.

Snowflake IP whitelisting uses Network Policies. Apply at user level (recommended) or account level.

-- Create the network policy
CREATE NETWORK POLICY skoot_network_policy
  ALLOWED_IP_LIST = ('SKOOT_PUBLIC_IP/32')
  COMMENT = 'Restrict Skoot user to Skoot egress IP';

-- Apply it to the user only (recommended)
ALTER USER skoot_readonly_user SET NETWORK_POLICY = skoot_network_policy;

-- Alternatively, apply at account level (affects all users)
-- ALTER ACCOUNT SET NETWORK_POLICY = skoot_network_policy;

Verification

Run the following as skoot_readonly_user (or as an admin using ACCOUNTADMIN) to confirm setup:

-- Check role grants
SHOW GRANTS TO ROLE skoot_readonly_role;

-- Check the user's assigned role
SHOW GRANTS TO USER skoot_readonly_user;

-- Check network policy assignment (only if Step 5 was applied)
SHOW PARAMETERS LIKE 'NETWORK_POLICY' FOR USER skoot_readonly_user;
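
A least-privilege audit of the setup above, as an added example that is not part of the Skoot documentation: each query lists only the grants that fall outside what Steps 2 to 4 intend (USAGE on the warehouse, database and schemas; SELECT on tables and views; one role on the user), so an empty result from all three means the role is read-only. It uses the role and user names from this page and assumes you run it with the admin role used for setup.

```sql
-- Added example: least-privilege audit for skoot_readonly_role / skoot_readonly_user.
-- Each SELECT reads the output of the SHOW command directly before it,
-- so run every SHOW/SELECT pair together and in order.

-- 1. Existing grants: flag anything other than USAGE on a warehouse/database/schema
--    or SELECT on a table/view, and any grant made WITH GRANT OPTION.
SHOW GRANTS TO ROLE skoot_readonly_role;
SELECT "privilege", "granted_on", "name", "grant_option"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE NOT (
        ("privilege" = 'USAGE'  AND "granted_on" IN ('WAREHOUSE', 'DATABASE', 'SCHEMA'))
     OR ("privilege" = 'SELECT' AND "granted_on" IN ('TABLE', 'VIEW'))
      )
   OR LOWER("grant_option"::STRING) = 'true';

-- 2. Future grants (Scenarios A and B) are not listed by SHOW GRANTS TO ROLE.
--    Note the column here is "grant_on", not "granted_on".
SHOW FUTURE GRANTS TO ROLE skoot_readonly_role;
SELECT "privilege", "grant_on", "name", "grant_option"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE NOT (
        ("privilege" = 'USAGE'  AND "grant_on" = 'SCHEMA')
     OR ("privilege" = 'SELECT' AND "grant_on" IN ('TABLE', 'VIEW'))
      )
   OR LOWER("grant_option"::STRING) = 'true';

-- 3. The Skoot user should hold no role other than the read-only one.
--    Unquoted identifiers are stored in upper case, hence the literal below.
SHOW GRANTS TO USER skoot_readonly_user;
SELECT "role", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "role" <> 'SKOOT_READONLY_ROLE';
```

Any row returned is a grant to review and, if unintended, revoke before connecting Skoot.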

Connect in Skoot App

After Snowflake setup is complete:

  1. Open Data Sources.
  2. Click Snowflake in the Available Data Sources section.
  3. Fill these fields exactly:
    • Connection Name
    • Account Identifier
    • Warehouse
    • Username
    • Password
  4. Save the connection.
  5. Confirm status is Connected.