Skip to main content
Skip table of contents

Snowflake

Snowflake Connectors are secure gateways through which data can be moved in and out of the Platform. Rather than a storage connector, that connects to a GCP or S3 bucket for example, a Snowflake connector is referred to as a database connector.

By connecting to your Snowflake instances, you may access tables and views within your Snowflake account and to then create them as Data Assets. In doing so, you are defining the location of the data that you reference from the platform.

Harbr supports Snowflake both as source for creating assets (requires only read access) or as a destination for exports (requires write access). However, if a Snowflake reader account is used to setup the connector, it will not be possible to use it for export.

Pre-requisites

To connect to a data source in Snowflake, you need:

  1. The ability to manage the Snowflake account containing your source data via the Snowflake management console

  2. Account URL.

  3. Programmatic Access Token

To use PATs when setting up your Snowflake connector, you have several options:

PAT Setup Guide

Overview

To use Programmatic Access Tokens (PATs) when setting up your Snowflake connector, you have two options:

  1. Create a network policy that allows our platform's IP addresses (recommended)

  2. Disable the network policy requirement for PAT authentication at a user or account level

Choose the approach that best fits your organization's security requirements.

Option 1: Update an existing Network Policy with a new rule allowing Harbr IP addresses

As the primary recommended route, this option maintains strong network governance while allowing Harbr-originated PAT authentication.

Prerequisites

  • You must have ACCOUNTADMIN or SECURITYADMIN privileges

  • Harbr will provide a list of IP addresses. Contact Harbr Support if needed.

Steps

1. Log into Snowflake

  • Open the Snowflake web UI

  • Switch to ACCOUNTADMIN or SECURITYADMIN

    • Click your username → Switch Role

2. Create a new Network Rule containing Harbr IPs

Open a worksheet and run:

USE ROLE SECURITYADMIN;

CREATE OR REPLACE NETWORK RULE HARBR_PAT_ACCESS_RULE

  TYPE = IPV4

  MODE = INGRESS

  VALUE_LIST = (

    '<HARBR_IP_1>',

    '<HARBR_IP_2>',

    '<HARBR_IP_3>'

    -- include all Harbr IPs provided

  );

3. Add the new rule to your existing Network Policy

Determine which policy is applied to your account or integration user:

SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT;

Then attach the new rule:

ALTER NETWORK POLICY <EXISTING_POLICY_NAME>

  SET ALLOWED_NETWORK_RULE_LIST = (

    'HARBR_PAT_ACCESS_RULE',

    -- include any existing rules currently in the list

    '<OTHER_EXISTING_RULES>'

  );

After this step, Harbr’s IPs are allowed under your active Network Policy.

Verification

  • Create a Snowflake connector on the Harbr Platform.

  • The connection test should be successful. If not, please contact Support. 

Option 2: Modify an Existing Authentication Policy on the User

Use this option only if your Snowflake integration user already has an authentication policy assigned.

Prerequisites

  • ACCOUNTADMIN or SECURITYADMIN role

  • Verified integration user name

Steps

1. Check which Authentication Policy (if any) is assigned to the user:

DESC USER <HARBR_CONNECTOR_USER>;

If AUTHENTICATION_POLICY is set, extend that policy:

USE ROLE SECURITYADMIN;

ALTER AUTHENTICATION POLICY <EXISTING_POLICY_NAME>

  SET PAT_POLICY = (

    NETWORK_POLICY_EVALUATION = NOT_ENFORCED

  );

This ensures PAT authentication for this user does not require or enforce network policy checks.

Option 3: Create a New Authentication Policy

Use this option if the integration user does not have an authentication policy configured.

Prerequisites

  • ACCOUNTADMIN or SECURITYADMIN role

  • A security-focused database & schema (e.g. SECURITY_DB.SECURITY_SCHEMA) or another database and schema where policies are created and stored

Steps

  1. Create the policy

USE ROLE SECURITYADMIN;

USE DATABASE <SECURITY_DB>;

USE SCHEMA <SECURITY_SCHEMA>;

CREATE AUTHENTICATION POLICY HARBR_PAT_POLICY

  PAT_POLICY = (

    NETWORK_POLICY_EVALUATION = NOT_ENFORCED

  );

  1. Assign it to the Snowflake Connector user

ALTER USER <HARBR_CONNECTOR_USER>

SET AUTHENTICATION_POLICY = HARBR_PAT_POLICY;

Option 4: (Optional) Apply the Policy at the Account Level

Use this only if you wish for all users in your Snowflake account to adopt the same PAT behaviour. (created in option 3, step 1 above)

ALTER ACCOUNT 

SET AUTHENTICATION_POLICY = HARBR_PAT_POLICY;Verification

  • Try creating a PAT - it should work according to your chosen policy setting. 

  • If you encounter issues, please double check the guide or raise a ticket with Harbr Support for assistance. 

Creating Your Programmatic Access Token

Once you've completed an option (either 1, 2 3 or 4), progress to the following steps: 

  1. Navigate to your profile:

    • Click your username in the bottom left

    • Select "Settings"

  2. Go to the Authentication tab 

    • Programmatic access tokens

  3. Click "Generate new token"

    • Name: Enter a descriptive name (e.g., [YOUR_PLATFORM_NAME]_Connector)

    • Comment: Optional description

    • Lifetime: Choose appropriate duration (we recommend 1 year maximum)

    • Grant access

    • Click Generate Token

  4. Copy your token immediately:

    • Store the token securely

Importantly, copy the token value now - you won't be able to see it again

Create the Connector

  1. Click Manage on the Navigation bar.

  2. Select Connectors to view the Manage Connectors screen

  3. Click the Create Connector button at the top right

  4. Enter a Name for your Connector and a Description (optional)

  5. Choose Type > Snowflake .

  6. In the Harbr Snowflake connector configuration:

    • Account URL: Your Snowflake Url

    • Username: Your Snowflake username

    • PAT: Paste the PAT value you generated

  7. Add any Integration Metadata needed for programmatic integration.

  8. Click Create.

  9. Click Close

Note: You can use the Snowflake web interface or other supported Snowflake ETL software to integrate data using your connector.

Snowflake Data Assets

A Data Asset can be added to a Space when you specify what you need, just like a product. Snowflake Data Assets are remote which means that the data within the asset is queried in it’s remote location and is not transferred to the platform.

Once an asset has been added to a space, you can query it. Current naming conventions to access an asset is:

  • Asset Name: Mortgage Portfolio

  • Asset Source: Snowflake

  • Hue Catalog Name : Mortgage Portfolio

  • Trino Catalog Name: snwfl_mortgage_portfolio

select * from <trino_catalog_name>.<schema>.<table> limit 100;

where

<trino_catalogue_name> is the technical 'Trino Catalog Name' name shown above

<schema> is the "schema name" from the source system (e.g. Snowflake)

<table_name> is the name of a table in the schema.

Note

  • Use show catalogs command to get a list of catalogs and their names 

  • Do use <catalog name>; show schemas; commands to get a list of the schemas within a catalogQuery performance may be impacted if:

  • full volume table results are returned (>10 million records).

  • a query joins a Data Asset and data within a product.

  • the configuration of the Snowflake warehouse referenced by the Data Asset is sub-optimal.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close