Skip to main content
Skip table of contents

Snowflake

Snowflake Connectors are secure gateways through which data can be moved in and out of the Platform. Rather than a storage connector, that connects to a GCP or S3 bucket for example, a Snowflake connector is referred to as a database connector.

By connecting to your Snowflake instances, you may access tables and views within your Snowflake account and to then create them as Data Assets. In doing so, you are defining the location of the data that you reference from the platform.

Harbr supports Snowflake both as source for creating assets (requires only read access) or as a destination for exports (requires write access). However, if a Snowflake reader account is used to setup the connector, it will not be possible to use it for export.

Pre-requisites

To connect to a data source in Snowflake, you need:

  1. The ability to manage the Snowflake account containing your source data via the Snowflake management console

  2. Account URL.

  3. Programmatic Access Token

To use PATs when setting up your Snowflake connector, you have two options:

  1. Create a network policy that allows our platform's IP addresses (recommended)

  2. Disable the network policy requirement for PAT authentication

PAT Setup Guide

Option 1: Create a Network Policy (Recommended)

This approach maintains security by restricting PAT usage to specific IP addresses.

Prerequisites

  • You must have ACCOUNTADMIN or SECURITYADMIN role privileges

  • The platform IP address which Harbr will provide this upon request. Please raise a ticket with our Support desk to retrieve the necessary details.  

Steps

  1. Log into Snowflake using the web interface

  2. Switch to the appropriate role:

    • Click your username in the top right

    • Select "Switch Role" → Choose ACCOUNTADMIN or SECURITYADMIN

  3. Create the network policy:

    • Go to Admin → Security → Network Policies

    • Click "+ Network Policy"

    • Fill in the details:

      • Name: HARBR_PAT_ACCESS_POLICY (or your preferred name)

      • Comment: Allow PAT access from [YOUR_PLATFORM_NAME]

      • Allowed IP List: [IP_ADDRESS_TO_BE_PROVIDED]

    • Click Create

  4. Apply the policy to your account:

    • In the same Network Policies section, find your newly created policy

    • Click the "..." menu → "Set as Account Policy"

    • Confirm the action

Verification

  • Create a Snowflake connector on the Harbr Platform by following these steps. 

  • The connection test should be successful. If not, please contact Support. 

Option 2: Modify Authentication Policy

This approach uses authentication policies to control PAT network policy requirements. It is important to consider your organization's security policies when choosing these settings.

Prerequisites

  • You must have ACCOUNTADMIN or SECURITYADMIN role privileges

Steps

  1. Log into Snowflake using the web interface

  2. Switch to the appropriate role:

    • Click your username in the top right

    • Select "Switch Role" → Choose ACCOUNTADMIN or SECURITYADMIN

  3. Open a worksheet:

    • Click "+ Worksheet" or go to Worksheets

  4. Choose your approach by picking one of the three below: 

Option A: Allow PATs without network policy, but enforce if one exists:

  •   CREATE AUTHENTICATION POLICY pat_policy

  •      PAT_POLICY=(

  •        NETWORK_POLICY_EVALUATION = ENFORCED_NOT_REQUIRED

     );

Option B: Allow PATs without network policy and don't enforce any:

CREATE AUTHENTICATION POLICY pat_policy

PAT_POLICY=(

NETWORK_POLICY_EVALUATION = NOT_ENFORCED

);

  • Execute the command:

    • Click the Run button or press Ctrl+Enter

    • You should see a success message

  • Apply the policy to your account:

  ALTER ACCOUNT SET AUTHENTICATION POLICY pat_policy;

Option C: If you already have an authentication policy, modify it instead:

ALTER AUTHENTICATION POLICY your_existing_policy

SET PAT_POLICY = (

NETWORK_POLICY_EVALUATION = ENFORCED_NOT_REQUIRED

  );

Understanding the Options

  • ENFORCED_REQUIRED (default): User must have a network policy to use PATs

  • ENFORCED_NOT_REQUIRED: User doesn't need a network policy, but if one exists, it's enforced

  • NOT_ENFORCED: User doesn't need a network policy, and existing policies are ignored

Verification

  • Try creating a PAT - it should work according to your chosen policy setting. 

  • If you encounter issues, please double check the guide or raise a ticket with Harbr Support for assistance. 

Creating Your Programmatic Access Token

Once you've completed either Option 1 (Create a Network Policy) or Option 2 (Modify Authentication Policy), progress to the following steps: 

  1. Navigate to your profile:

    • Click your username in the bottom left

    • Select "Settings"

  2. Go to the Authentication tab 

    • Programmatic access tokens

  3. Click "Generate new token"

    • Name: Enter a descriptive name (e.g., [YOUR_PLATFORM_NAME]_Connector)

    • Comment: Optional description

    • Lifetime: Choose appropriate duration (we recommend 1 year maximum)

    • Grant access

    • Click Generate Token

  4. Copy your token immediately:

    • Store the token securely

Importantly, copy the token value now - you won't be able to see it again

Create the Connector

  1. Click Manage on the Navigation bar.

  2. Select Connectors to view the Manage Connectors screen

  3. Click the Create Connector button at the top right

  4. Enter a Name for your Connector and a Description (optional)

  5. Choose Type > Snowflake .

  6. Insert your Snowflake details

    • Username: Your Snowflake username

    • Authentication Method: Select "Programmatic Access Token"

    • Token: Paste the PAT you just created

  7. Add any Integration Metadata needed for programmatic integration.

  8. Click Create.

  9. Click Close

Note: You can use the Snowflake web interface or other supported Snowflake ETL software to integrate data using your connector.

Snowflake Data Assets

A Data Asset can be added to a Space when you specify what you need, just like a product. Snowflake Data Assets are remote which means that the data within the asset is queried in it’s remote location and is not transferred to the platform.

Once an asset has been added to a space, you can query it. Current naming conventions to access an asset is:

  • Asset Name: Mortgage Portfolio

  • Asset Source: Snowflake

  • Hue Catalog Name : Mortgage Portfolio

  • Trino Catalog Name: snwfl_mortgage_portfolio

select * from <trino_catalog_name>.<schema>.<table> limit 100;

where

<trino_catalogue_name> is the technical 'Trino Catalog Name' name shown above

<schema> is the "schema name" from the source system (e.g. Snowflake)

<table_name> is the name of a table in the schema.

Note

  • Use show catalogs command to get a list of catalogs and their names 

  • Do use <catalog name>; show schemas; commands to get a list of the schemas within a catalogQuery performance may be impacted if:

  • full volume table results are returned (>10 million records).

  • a query joins a Data Asset and data within a product.

  • the configuration of the Snowflake warehouse referenced by the Data Asset is sub-optimal.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.