Document toolboxDocument toolbox

Working with a Snowflake warehouse connection

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)


You can set up a data connection to connect to your Snowflake data warehouse on AWS and Azure.

Note

  • If you have enabled Network policies in Snowflake, you must use a Databricks workspace with the option Deploy Azure Databricks workspace with Secure Cluster Connectivity (No Public IP) as Yes. Additionally, add the NAT Gateway Public IP of Databricks VNet to the Network policies of Snowflake.

  • From the Kyvos 2023.1 release onwards, for Kyvos data security, if you want to use external security configured at the cluster level, such as user impersonation to enforced role and permissions while viewing Snowflake semantic model, you must change the property value from 2 to 1 in the QUERYING_SECURITY_LEVEL property (olapengine.properties). 

  • You can create multiple Snowflake connections for raw data querying. The connections are available on the semantic model designer page, where you can select the connection to be used for a particular semantic model.
    See the Working with non-materialized or raw data semantic models  section for more details. 

Prerequisites for creating a Snowflake connection

  1. The Access role used for creating the connection must have the following permissions assigned to your Snowflake staging database.
    Grant usage on the database:
    GRANT USAGE ON DATABASE <database> TO ROLE <role>;
    Grant usage on the schema:
    GRANT USAGE ON SCHEMA <database>.public TO ROLE <role>;
    Grant create stage on the public schema:
    GRANT CREATE STAGE ON SCHEMA <database>.public TO ROLE <role>;

  2. In OAuth token-based authentication, you need an access token to access Snowflake resources and a refresh token to be used to get a new access token in case it expires.
    To be able to fetch tokens from any Snowflake server, the Kyvos application should be registered with the target Snowflake server and this configuration must be done by the Snowflake Admin user (outside of Kyvos). Once this is done, Admin gets client_id, client_secret, authorization URL, and token URL. You need these property values when creating a Kyvos connection to enable the Kyvos server to fetch tokens from the Snowflake server.

  3. If you have deployed VPC with Internet Gateway, then you must assign an elastic IP to the BI Server.

To set up or view a Snowflake warehouse connection, perform the following steps. 

  1. From the Toolbox, click Connections.

  2. From the Actions menu (  ) click Add Connection.

  3. Enter a name or select it from the Connection list.

  4. After you finish configuring the settings using the table shown below, click the  Test  button from the top left to validate the connection settings.

  5. If the connection is valid, click the  Save  button. 

  6. To refresh connections, click the Actions menu ( ⋮ ) at the top of the Connections column and select Refresh.

Copyright Kyvos, Inc. All rights reserved.