Snowflake
Snowflake Connectors are secure gateways through which data can be moved in and out of the Platform. Rather than a storage connector, that connects to a GCP or S3 bucket for example, a Snowflake connector is referred to as a database connector.
By connecting to your Snowflake instances, you may access tables and views within your Snowflake account and to then create them as Data Assets. In doing so, you are defining the location of the data that you reference from the platform.
Harbr supports Snowflake both as source for creating assets (requires only read access) or as a destination for exports (requires write access). However, if a Snowflake reader account is used to setup the connector, it will not be possible to use it for export.
Pre-requisites
To connect to a data source in Snowflake, you need:
The ability to manage the Snowflake account containing your source data via the Snowflake management console
Account URL.
Programmatic Access Token
To use PATs when setting up your Snowflake connector, you have two options:
Create a network policy that allows our platform's IP addresses (recommended)
Disable the network policy requirement for PAT authentication
PAT Setup Guide
Option 1: Create a Network Policy (Recommended)
This approach maintains security by restricting PAT usage to specific IP addresses.
Prerequisites
You must have
ACCOUNTADMIN
orSECURITYADMIN
role privilegesThe platform IP address which Harbr will provide this upon request. Please raise a ticket with our Support desk to retrieve the necessary details.
Steps
Log into Snowflake using the web interface
Switch to the appropriate role:
Click your username in the top right
Select "Switch Role" → Choose ACCOUNTADMIN or SECURITYADMIN
Create the network policy:
Go to Admin → Security → Network Policies
Click "+ Network Policy"
Fill in the details:
Name: HARBR_PAT_ACCESS_POLICY (or your preferred name)
Comment: Allow PAT access from [YOUR_PLATFORM_NAME]
Allowed IP List: [IP_ADDRESS_TO_BE_PROVIDED]
Click Create
Apply the policy to your account:
In the same Network Policies section, find your newly created policy
Click the "..." menu → "Set as Account Policy"
Confirm the action
Verification
Create a Snowflake connector on the Harbr Platform by following these steps.
The connection test should be successful. If not, please contact Support.
Option 2: Modify Authentication Policy
This approach uses authentication policies to control PAT network policy requirements. It is important to consider your organization's security policies when choosing these settings.
Prerequisites
You must have ACCOUNTADMIN or SECURITYADMIN role privileges
Steps
Log into Snowflake using the web interface
Switch to the appropriate role:
Click your username in the top right
Select "Switch Role" → Choose ACCOUNTADMIN or SECURITYADMIN
Open a worksheet:
Click "+ Worksheet" or go to Worksheets
Choose your approach by picking one of the three below:
Option A: Allow PATs without network policy, but enforce if one exists:
CREATE AUTHENTICATION POLICY pat_policy
PAT_POLICY=(
NETWORK_POLICY_EVALUATION = ENFORCED_NOT_REQUIRED
);
Option B: Allow PATs without network policy and don't enforce any:
CREATE AUTHENTICATION POLICY pat_policy
PAT_POLICY=(
NETWORK_POLICY_EVALUATION = NOT_ENFORCED
);
Execute the command:
Click the Run button or press Ctrl+Enter
You should see a success message
Apply the policy to your account:
ALTER ACCOUNT SET AUTHENTICATION POLICY pat_policy;
Option C: If you already have an authentication policy, modify it instead:
ALTER AUTHENTICATION POLICY your_existing_policy
SET PAT_POLICY = (
NETWORK_POLICY_EVALUATION = ENFORCED_NOT_REQUIRED
);
Understanding the Options
ENFORCED_REQUIRED (default): User must have a network policy to use PATs
ENFORCED_NOT_REQUIRED: User doesn't need a network policy, but if one exists, it's enforced
NOT_ENFORCED: User doesn't need a network policy, and existing policies are ignored
Verification
Try creating a PAT - it should work according to your chosen policy setting.
If you encounter issues, please double check the guide or raise a ticket with Harbr Support for assistance.
Creating Your Programmatic Access Token
Once you've completed either Option 1 (Create a Network Policy) or Option 2 (Modify Authentication Policy), progress to the following steps:
Navigate to your profile:
Click your username in the bottom left
Select "Settings"
Go to the Authentication tab
Programmatic access tokens
Click "Generate new token"
Name: Enter a descriptive name (e.g., [YOUR_PLATFORM_NAME]_Connector)
Comment: Optional description
Lifetime: Choose appropriate duration (we recommend 1 year maximum)
Grant access
Click Generate Token
Copy your token immediately:
Store the token securely
Importantly, copy the token value now - you won't be able to see it again
Create the Connector
Click Manage on the Navigation bar.
Select Connectors to view the Manage Connectors screen
Click the Create Connector button at the top right
Enter a Name for your Connector and a Description (optional)
Choose Type > Snowflake .
Insert your Snowflake details
Username: Your Snowflake username
Authentication Method: Select "Programmatic Access Token"
Token: Paste the PAT you just created
Add any Integration Metadata needed for programmatic integration.
Click Create.
Click Close
Note: You can use the Snowflake web interface or other supported Snowflake ETL software to integrate data using your connector.
Snowflake Data Assets
A Data Asset can be added to a Space when you specify what you need, just like a product. Snowflake Data Assets are remote which means that the data within the asset is queried in it’s remote location and is not transferred to the platform.
Once an asset has been added to a space, you can query it. Current naming conventions to access an asset is:
Asset Name: Mortgage Portfolio
Asset Source: Snowflake
Hue Catalog Name : Mortgage Portfolio
Trino Catalog Name: snwfl_mortgage_portfolio
select * from <trino_catalog_name>.<schema>.<table> limit 100;
where
<trino_catalogue_name> is the technical 'Trino Catalog Name' name shown above
<schema> is the "schema name" from the source system (e.g. Snowflake)
<table_name> is the name of a table in the schema.
Note:
Use show catalogs command to get a list of catalogs and their names
Do use <catalog name>; show schemas; commands to get a list of the schemas within a catalogQuery performance may be impacted if:
full volume table results are returned (>10 million records).
a query joins a Data Asset and data within a product.
the configuration of the Snowflake warehouse referenced by the Data Asset is sub-optimal.