Required Permissions

Complete the following to set up a Snowflake administrative account with the minimum required permissions for the listed operation:

  1. Log in to Snowflake with the ACCOUNTADMIN role and execute the following command:

    CREATE USER "UserName";

  2. Generate the public key. The public key is in the PEM format. For more information on generating the public key, refer to Generating Keys. The following is an example of the public key in PEM format:

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+Fw2qv4Roud3l6tjPH4
    zxybHjmZ5rhtCz9jppCV8UTWvEXxa88IGRIHbJ/PwKW/mR8LXdfI7l/9vCMXX4mk
    ...
    -----END PUBLIC KEY-----

  3. In the following command, replace PublicKey with the key you generated (do not include the BEGIN PUBLIC KEY and END PUBLIC KEY lines):

    ALTER USER "UserName" SET RSA_PUBLIC_KEY='PublicKey';

    For example:

    ALTER USER MYUSER SET RSA_PUBLIC_KEY='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hhZwJvU4+MiD92bLLmf
    zvdieU6TvuaSrjKJGtEndSWRR3p2pMFIzDWbbX1PHPqtt43C+meMtKtwMVl8JWEk
    IawC7ZnfjHROufWVhpb+8DwhHuH/r7GWXCNCyjJTH/Z+htdIYFM/pbSKW1Qdt5X0
    Bf5TGINAe9XxL2Zp5kqo8pYMiPGudgUdYQlMGZ6y1AH0Rcb76KUkoHNrJQA/xRI8
    LSDMNJQSJo6rPGARD1Rn9ns0Z3M1qnoH6LOOX0GX3T4GU+ERwPaMVcMjkweSA3a1
    sqLhq+9hpC8piW+LaEv2clj1Sp73m70qh/0l8Cb2O4sq7Iov8G8Iahe0LGLVQX3+
    uQIDAQAB';

  4. Use the following command to verify the user's public key fingerprint:

    DESCRIBE USER "UserName";

  5. Use the following command to create a role:

    CREATE ROLE "Rolename";

  6. Snowflake recommends creating a hierarchy of custom roles, with the top-most custom role assigned to the system role SYSADMIN. For more information, refer to the Snowflake documentation. Use the following command to grant the custom role to the SYSADMIN role:

    GRANT ROLE "Rolename" TO ROLE SYSADMIN;

  7. Use the following command to grant a role to a user:

    GRANT ROLE "Rolename" TO USER "UserName";

  8. Use the following command to set a user's default role:

    ALTER USER "UserName" SET DEFAULT_ROLE = "Rolename";
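
Steps 3 and 4 can be checked offline. The following is an added example, not part of the original documentation or Snowflake's own code: it strips the PEM armor to produce the value for ALTER USER and computes the SHA-256 fingerprint of the DER-encoded key in the `SHA256:<base64>` form that DESCRIBE USER reports in the RSA_PUBLIC_KEY_FP property. The function names are hypothetical, and the sample key is the example key body from step 3.

```python
import base64
import hashlib
import re

# Sample input: the example key body from step 3 of this page, wrapped in
# PEM armor here for the demonstration.
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hhZwJvU4+MiD92bLLmf
zvdieU6TvuaSrjKJGtEndSWRR3p2pMFIzDWbbX1PHPqtt43C+meMtKtwMVl8JWEk
IawC7ZnfjHROufWVhpb+8DwhHuH/r7GWXCNCyjJTH/Z+htdIYFM/pbSKW1Qdt5X0
Bf5TGINAe9XxL2Zp5kqo8pYMiPGudgUdYQlMGZ6y1AH0Rcb76KUkoHNrJQA/xRI8
LSDMNJQSJo6rPGARD1Rn9ns0Z3M1qnoH6LOOX0GX3T4GU+ERwPaMVcMjkweSA3a1
sqLhq+9hpC8piW+LaEv2clj1Sp73m70qh/0l8Cb2O4sq7Iov8G8Iahe0LGLVQX3+
uQIDAQAB
-----END PUBLIC KEY-----
"""

ARMOR = re.compile(r"-----(BEGIN|END) PUBLIC KEY-----")

def pem_body(pem: str) -> str:
    """Return the base64 body without armor lines or whitespace (step 3)."""
    # Anything other than exactly one PUBLIC KEY block is refused, so a
    # private key pasted by mistake never ends up in a SQL statement.
    if ARMOR.findall(pem) != ["BEGIN", "END"]:
        raise ValueError("expected exactly one PUBLIC KEY block")
    body = "".join(ARMOR.sub("", pem).split())
    base64.b64decode(body, validate=True)  # ValueError on non-base64 input
    return body

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER key, formatted as SHA256:<base64> (step 4)."""
    der = base64.b64decode(pem_body(pem), validate=True)
    if der[:1] != b"\x30":  # DER SubjectPublicKeyInfo starts with SEQUENCE
        raise ValueError("body is not a DER-encoded public key")
    return "SHA256:" + base64.b64encode(hashlib.sha256(der).digest()).decode()

def alter_user_sql(user: str, pem: str) -> str:
    """Build the step 3 statement; a '"' in the identifier is doubled."""
    name = user.replace('"', '""')
    return "ALTER USER \"{}\" SET RSA_PUBLIC_KEY='{}';".format(name, pem_body(pem))

if __name__ == "__main__":
    print(alter_user_sql("UserName", SAMPLE_PEM))
    print("Compare with RSA_PUBLIC_KEY_FP:", fingerprint(SAMPLE_PEM))
```

A mismatch between the printed fingerprint and the value shown by DESCRIBE USER means the key stored on the user is not the key you generated.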

The following lists the required permissions for the specific operations mentioned in this section: