Skip to content

Create a Snowflake Connection

Important

If you are using Okera's policy synchronization mechanism for Snowflake policy enforcement, you must configure your Snowflake environment before you create your Snowflake connection in Okera.

To create a Snowflake connection, complete the following steps.

  1. Create a new Snowflake connection from the Connections Page.

    Snowflake connection example

  2. Provide values for these fields:

    Warning

    Pay special attention to case and special characters when setting up Snowflake policy synchronization. Make sure the case of a Snowflake object matches the case used in your Snowflake environment. See Limitations and Case Considerations.

    • Account: Your Snowflake account name can be found in your Snowflake URL <accountname>.snowflakecomputing.com.

    • Snowflake warehouse: The Snowflake warehouse you wish to connect to. If none is specified, the default is used. The default Snowflake warehouse is the warehouse assigned to the user in Snowflake when the user was defined.

      Note: When no warehouse default is specified in Snowflake, omitting it in the Okera connection results in an error.

    • Source database: The name of the Snowflake database for the connection.

    • Schema: The name of the Snowflake schema in the database for the connection. If none is specified, the default is used. The default schema is the schema assigned to the user in Snowflake when the user was defined.

      Note: Snowflake tables should only be registered once in an Okera-synced cluster.

    • Username file: Link to your Snowflake username secret file. For more information, see Providing Secure Credentials. If you are using Snowflake policy synchronization, this user should be the secret file for the Snowflake user assigned to Okera's Snowflake role. See Step 1. Create a Snowflake Role for Okera.

    • Password file: Link to your Snowflake username secret file. For more information, see Providing Secure Credentials.

    • Role: If you are using Snowflake with Okera's policy synchronization connection method, specify the Snowflake role created for Okera to use for the connection. See Create a Snowflake Role for Okera. If you are using Snowflake with pushdown processing, this field is not present.

    • Advanced properties: Specify any of the following, optional, advanced properties.

      Note: Most of the advanced properties are only available if you integrate Okera with Snowflake using policy synchronization. Only the first property applies to both connection methods.

      Property
      Description
      Default Valid Values
      okera.policy_sync.enabled Indicates whether the policy synchronization enforcement mechanism should be used by the Snowflake connection. Important: This property should not be set by SaaS customers. By default, SaaS customers must use policy synchronization. For non-SaaS customers, set this option to false if you are using Snowflake pushdown processing. If you are using policy synchronization processing, set it to true. false true or false
      okera.policy_sync.scheduled Indicates whether the scheduled automatic synchronization job is enabled. This option is only available for policy synchronization. false true or false
      okera.policy_sync.audit_logs Indicates whether Snowflake compliance history should be logged in audit logs. This option is only available for policy synchronization. See Audit Log Processing. true true or false
      okera.policy_sync.install_artifacts Indicates whether the Okera UDFs should be automatically installed. This option is only available for policy synchronization and should not be changed at this time. false true or false
      okera.policy_sync.user_allowed_list Specifies the Snowflake users for which policy synchronization should occur. See Limiting Synchronized Users. --- list of names or Snowflake tag setting
  3. Test the connection to see if it works. If problems occur, verify that the Snowflake objects have been specified correctly and that the correct case has been used in the connection definition.

After the connection test runs successfully, create a crawler to register the data for the connection. See Registering Data With Crawlers.