> ## Documentation Index
> Fetch the complete documentation index at: https://docs.open-metadata.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Snowflake Connector | OpenMetadata Cloud Data Warehouse

> Connect Snowflake to OpenMetadata with our comprehensive database connector guide. Easy setup, metadata extraction, and data lineage tracking.

export const MetadataIngestionUi = ({connector, selectServicePath, addNewServicePath, serviceConnectionPath}) => {
  return <Steps>
      <Step title="Visit the Services Page">
        Click `Settings` in the side navigation bar and then `Services`.

        The first step is to ingest the metadata from your sources. To do that, you first need to create a Service connection first.

        This Service will be the bridge between OpenMetadata and your source system.

        Once a Service is created, it can be used to configure your ingestion workflows.

        <img src="/public/images/connectors/visit-services-page.png" alt="Visit Services Page" />
      </Step>

      <Step title="Create a New Service">
        Click on _Add New Service_ to start the Service creation.

        <img src="/public/images/connectors/create-new-service.png" alt="Create a new Service" />
      </Step>

      <Step title="Select the Service Type">
        Select {connector} as the Service type and click _Next_.

        {selectServicePath && <img src={selectServicePath} alt="Select Service" />}
      </Step>

      <Step title="Name and Describe your Service">
        Provide a name and description for your Service.

        <h4>Service Name</h4>

        OpenMetadata uniquely identifies Services by their **Service Name**. Provide
        a name that distinguishes your deployment from other Services, including
        the other {connector} Services that you might be ingesting metadata
        from.

        Note that when the name is set, it cannot be changed.

        {addNewServicePath && <img src={addNewServicePath} alt="Add New Service" />}
      </Step>

      <Step title="Configure the Service Connection">
        In this step, we will configure the connection settings required for {connector}.

        Please follow the instructions below to properly configure the Service to read from your sources. You will also find
        helper documentation on the right-hand side panel in the UI.

        {serviceConnectionPath && <img src={serviceConnectionPath} alt="Configure Service connection" />}
      </Step>
    </Steps>;
};

export const ConnectorDetailsHeader = ({name, icon, stage, availableFeatures, unavailableFeatures = [], availableFeaturesCollate = []}) => {
  const showSubHeading = availableFeatures?.length > 0 || unavailableFeatures?.length > 0 || availableFeaturesCollate?.length > 0;
  const totalAvailableFeatures = [...availableFeatures || [], ...availableFeaturesCollate || []];
  return <div className="container">
      <div className="Heading">
        <div className="flex items-center gap-3">
          {icon && <div className="IconContainer">
              <img src={icon} alt={name} noZoom className="ConnectorIcon" />
            </div>}
          <h1 className="ConnectorName">{name}</h1>
          <span className={`StageBadge ${stage === 'PROD' ? 'prod' : 'beta'}`}>
            {stage}
          </span>
        </div>
      </div>
      {showSubHeading && <div className="SubHeading">
          <div className="FeaturesHeading">Feature List</div>
          <div className="FeaturesList">
            {totalAvailableFeatures.map(feature => <div className="FeatureTag AvailableFeature" key={feature}>
                ✓ {feature}
              </div>)}
            {unavailableFeatures.map(feature => <div className="FeatureTag UnavailableFeature" key={feature}>
                ✕ {feature}
              </div>)}
          </div>
        </div>}
    </div>;
};

<ConnectorDetailsHeader icon="/public/images/connectors/snowflakes.webp" name="Snowflake" stage="PROD" availableFeatures={["Metadata", "Query Usage", "Data Profiler", "Data Quality", "Lineage", "Column-level Lineage", "dbt", "Stored Procedures", "Owners", "Tags", "Sample Data", "Auto-Classification"]} unavailableFeatures={[]} />

In this section, we provide guides and references to use the Snowflake connector.

<Info>
  **Supported Authentication Types:**

  * **Basic Auth** — Username and password authentication
  * **Key Pair Auth** — Private key authentication with optional passphrase (see [Snowflake Key Pair Auth docs](https://docs.snowflake.com/en/user-guide/key-pair-auth))
  * **SSO** — Single-Sign-On via the `authenticator` connection argument
</Info>

Configure and schedule Snowflake metadata and profiler workflows from the OpenMetadata UI:

* [Requirements](#requirements)
* [Metadata Ingestion](#metadata-ingestion)
  * [Incremental Extraction](/v1.12.x/connectors/ingestion/workflows/metadata/incremental-extraction/snowflake)
* [Query Usage](/v1.12.x/connectors/ingestion/workflows/usage)
* [Data Profiler](/v1.12.x/how-to-guides/data-quality-observability/profiler/profiler-workflow)
* [Data Quality](/v1.12.x/how-to-guides/data-quality-observability/quality)
* [Lineage](/v1.12.x/connectors/ingestion/lineage)
* [dbt Integration](/v1.12.x/connectors/database/dbt)
* [Troubleshooting](/v1.12.x/connectors/database/snowflake/troubleshooting)

## Requirements

To ingest basic metadata snowflake user must have the following privileges:

* `USAGE` Privilege on Warehouse
* `USAGE` Privilege on Database
* `USAGE` Privilege on Schema
* `SELECT` Privilege on Tables

Before you grant privileges, replace these placeholders with your own values:

| Placeholder        | Description                                                              |
| ------------------ | ------------------------------------------------------------------------ |
| `<role_name>`      | Name of the new Snowflake role you want to create and assign to the user |
| `<user_name>`      | Username for the new Snowflake user being created                        |
| `<password>`       | A strong password for the new Snowflake user                             |
| `<warehouse_name>` | Name of the Snowflake warehouse the new role needs access to             |
| `<database_name>`  | Name of the Snowflake database from which you want to ingest data        |

```sql theme={null}
-- Create new role
CREATE ROLE <role_name>;
-- Create new user
CREATE USER <user_name> DEFAULT_ROLE=<role_name> PASSWORD='<password>';
-- Grant role to user
GRANT ROLE <role_name> TO USER <user_name>;
-- Grant USAGE Privilege on Warehouse to new role created above
GRANT USAGE ON WAREHOUSE <warehouse_name> TO ROLE <role_name>;
-- Grant USAGE Privilege on Database to new role created above
GRANT USAGE ON DATABASE <database_name> TO ROLE <role_name>;
-- Grant USAGE Privilege on required Schemas to new role created above
GRANT USAGE ON ALL SCHEMAS IN DATABASE <database_name> TO ROLE <role_name>;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE <database_name> TO ROLE <role_name>;
-- Grant SELECT Privilege on required tables & views to new role created above
GRANT SELECT ON ALL FUTURE TABLES IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL TABLES IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL FUTURE EXTERNAL TABLES IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL EXTERNAL TABLES IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL FUTURE VIEWS IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL VIEWS IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL FUTURE DYNAMIC TABLES IN DATABASE <database_name> TO ROLE <role_name>;
GRANT SELECT ON ALL DYNAMIC TABLES IN DATABASE <database_name> TO ROLE <role_name>;
-- Grant IMPORTED PRIVILEGES on all Schemas of SNOWFLAKE DB to new role created above. 
-- This is optional but required for usage, lineage and stored procedure ingestion
GRANT IMPORTED PRIVILEGES ON ALL SCHEMAS IN DATABASE SNOWFLAKE TO ROLE <role_name>;
```

### Additional Privileges

The following workflows require additional grants:

* **Incremental Extraction**: OpenMetadata fetches the information by querying `snowflake.account_usage.tables`.
* **Ingesting Tags**: OpenMetadata fetches the information by querying `snowflake.account_usage.tag_references`.
* **Ingesting Stored Procedures**: OpenMetadata fetches the information by querying `snowflake.account_usage.procedures` & `snowflake.account_usage.functions`.
* **Lineage & Usage Workflow**: OpenMetadata fetches the query logs by querying `snowflake.account_usage.query_history`. For this, the Snowflake user must be granted the `ACCOUNTADMIN` role or a role with `IMPORTED PRIVILEGES` on the `SNOWFLAKE` database.

  For more information about the `account_usage` schema, see [Account Usage](https://docs.snowflake.com/en/sql-reference/account-usage).

## Metadata Ingestion

<MetadataIngestionUi connector={"Snowflake"} selectServicePath={"/public/images/connectors/snowflake/select-service.png"} addNewServicePath={"/public/images/connectors/snowflake/add-new-service.png"} serviceConnectionPath={"/public/images/connectors/snowflake/service-connection.png"} />

# Connection Details

<Steps>
  <Step title="Connection Details">
    <Tip>
      When using a **Hybrid Ingestion Runner**, any sensitive credential fields—such as passwords, API keys, or private keys—must reference secrets using the following format:

      ```
      password: secret:/my/database/password
      ```

      This applies **only to fields marked as secrets** in the connection form (these typically mask input and show a visibility toggle icon).
      For a complete guide on managing secrets in hybrid setups, see the [Hybrid Ingestion Runner Secret Management Guide](https://docs.getcollate.io/getting-started/day-1/hybrid-saas/hybrid-ingestion-runner#3.-manage-secrets-securely).
    </Tip>

    * **Username**: Specify the User to connect to Snowflake. It should have enough privileges to read all the metadata.

    * **Password**: Password to connect to Snowflake.

    * **Account**: Snowflake account identifier uniquely identifies a Snowflake account within your organization, as well as throughout the global network of Snowflake-supported cloud platforms and cloud regions. If the Snowflake URL is `https://xyz1234.us-east-1.gcp.snowflakecomputing.com`, then the account is `xyz1234.us-east-1.gcp`.

    * **Role (Optional)**: You can specify the role of user that you would like to ingest with, if no role is specified the default roles assigned to user will be selected.

    * **Warehouse**: Snowflake warehouse is required for executing queries to fetch the metadata. Enter the name of warehouse against which you would like to execute these queries.

    * **Database (Optional)**: The database of the data source is an optional parameter, if you would like to restrict the metadata reading to a single database. If left blank, OpenMetadata ingestion attempts to scan all the databases.

    * **Private Key (Optional)**: If you have configured the key pair authentication for the given user you will have to pass the private key associated with the user in this field. For more information about key-pair authentication, see [Key-pair authentication and key-pair rotation](https://docs.snowflake.com/en/user-guide/key-pair-auth).

      Ensure your private key is formatted correctly before passing it. The key must be a single line with all line breaks replaced by `\n`.

      For example, if you have the following multi-line key (raw format):

      ```
      -----BEGIN ENCRYPTED PRIVATE KEY-----
      MII..
      MBQ...
      CgU..
      8Lt..
      ...
      h+4=
      -----END ENCRYPTED PRIVATE KEY-----
      ```

      Replace it with the following single-line key (required format):

      ```
      -----BEGIN ENCRYPTED PRIVATE KEY-----\nMII..\nMBQ...\nCgU..\n8Lt..\n...\nh+4=\n-----END ENCRYPTED PRIVATE KEY-----\n
      ```

      Replace every newline character in your key with a literal `\n`, including after the final line.

    * **Snowflake Passphrase Key (Optional)**: If you have configured the encrypted key pair authentication for the given user you will have to pass the passphrase associated with the private key in this field. You can check out [this](https://docs.snowflake.com/en/user-guide/key-pair-auth) doc to get more details about key-pair authentication.

    * **Include Temporary and Transient Tables**:
      Optional configuration for ingestion of `TRANSIENT` and `TEMPORARY` tables, By default, it will skip the `TRANSIENT` and `TEMPORARY` tables.

    * **Include Streams**:
      Optional configuration for ingestion of streams, By default, it will skip the streams.

    * **Include Stages**:
      Optional configuration for ingestion of Snowflake stages (internal and external). By default, stages are not ingested.

    * **Query Tag (Optional)**: Session query tag used to monitor usage on Snowflake. To use a query tag, the Snowflake user should have enough privileges to alter the session.

    * **Client Session Keep Alive**: Optional Configuration to keep the session active in case the ingestion job runs for longer duration.

    * **Account Usage Schema Name**: Full name of account usage schema, used in case your user does not have direct access to `SNOWFLAKE.ACCOUNT_USAGE` schema. In such case you can replicate tables `QUERY_HISTORY`, `TAG_REFERENCES`, `PROCEDURES`, `FUNCTIONS` to a custom schema let's say `CUSTOM_DB.CUSTOM_SCHEMA` and provide the same name in this field.
      When using this field, make sure you have all these tables available within your custom schema  `QUERY_HISTORY`, `TAG_REFERENCES`, `PROCEDURES`, `FUNCTIONS`.
  </Step>

  <Step title="Advanced Configuration">
    Database Services have an Advanced Configuration section, where you can pass extra arguments to the connector
    and, if needed, change the connection Scheme.

    This would only be required to handle advanced connectivity scenarios or customizations.

    * **Connection Options (Optional)**: Enter the details for any additional connection options that can be sent to database during the connection. These details must be added as Key-Value pairs.
    * **Connection Arguments (Optional)**: Enter the details for any additional connection arguments such as security or protocol configs that can be sent during the connection. These details must be added as Key-Value pairs.

          <img src="https://mintlify.s3.us-west-1.amazonaws.com/openmetadata/public/images/connectors/advanced-configuration.png" alt="Advanced Configuration" />
  </Step>

  <Step title="Test the Connection">
    Once the credentials have been added, click on *Test Connection* and *Save* the changes.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/openmetadata/public/images/connectors/test-connection.png" alt="Test Connection" />
  </Step>

  <Step title="Configure Metadata Ingestion">
    In this step we will configure the metadata ingestion pipeline,
    Please follow the instructions below

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/openmetadata/public/images/connectors/configure-metadata-ingestion-database-1.png" alt="Configure Metadata Ingestion" />

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/openmetadata/public/images/connectors/configure-metadata-ingestion-database-2.png" alt="Configure Metadata Ingestion" />

    #### Metadata Ingestion Options

    <Tip>
      If the owner's name is openmetadata, you need to enter `openmetadata@domain.com` in the name section of add team/user form, click [here](/connectors/database/dbt/ingest-dbt-owner#following-steps-shows-adding-a-user-to-openmetadata) for more info.
    </Tip>

    * **Name**: This field refers to the name of ingestion pipeline, you can customize the name or use the generated name.

    * **Database Filter Pattern (Optional)**: Use to database filter patterns to control whether or not to include database as part of metadata ingestion.
      * **Include**: Explicitly include databases by adding a list of comma-separated regular expressions to the Include field. OpenMetadata will include all databases with names matching one or more of the supplied regular expressions. All other databases will be excluded.
      * **Exclude**: Explicitly exclude databases by adding a list of comma-separated regular expressions to the Exclude field. OpenMetadata will exclude all databases with names matching one or more of the supplied regular expressions. All other databases will be included.

    * **Schema Filter Pattern (Optional)**: Use to schema filter patterns to control whether to include schemas as part of metadata ingestion.
      * **Include**: Explicitly include schemas by adding a list of comma-separated regular expressions to the Include field. OpenMetadata will include all schemas with names matching one or more of the supplied regular expressions. All other schemas will be excluded.
      * **Exclude**: Explicitly exclude schemas by adding a list of comma-separated regular expressions to the Exclude field. OpenMetadata will exclude all schemas with names matching one or more of the supplied regular expressions. All other schemas will be included.

    * **Table Filter Pattern (Optional)**: Use to table filter patterns to control whether to include tables as part of metadata ingestion.
      * **Include**: Explicitly include tables by adding a list of comma-separated regular expressions to the Include field. OpenMetadata will include all tables with names matching one or more of the supplied regular expressions. All other tables will be excluded.
      * **Exclude**: Explicitly exclude tables by adding a list of comma-separated regular expressions to the Exclude field. OpenMetadata will exclude all tables with names matching one or more of the supplied regular expressions. All other tables will be included.

    * **Enable Debug Log (toggle)**: Set the Enable Debug Log toggle to set the default log level to debug.

    * **Mark Deleted Tables (toggle)**: Set the Mark Deleted Tables toggle to flag tables as soft-deleted if they are not present anymore in the source system.

    * **Mark Deleted Tables from Filter Only (toggle)**: Set the Mark Deleted Tables from Filter Only toggle to flag tables as soft-deleted if they are not present anymore within the filtered schema or database only. This flag is useful when you have more than one ingestion pipelines. For example if you have a schema

    * **includeTables (toggle)**: Optional configuration to turn off fetching metadata for tables.

    * **includeViews (toggle)**: Set the Include views toggle to control whether to include views as part of metadata ingestion.

    * **includeTags (toggle)**: Set the 'Include Tags' toggle to control whether to include tags as part of metadata ingestion.

    * **includeOwners (toggle)**: Set the 'Include Owners' toggle to control whether to include owners to the ingested entity if the owner email matches with a user stored in the OM server as part of metadata ingestion. If the ingested entity already exists and has an owner, the owner will not be overwritten.

    * **includeStoredProcedures (toggle)**: Optional configuration to toggle the Stored Procedures ingestion.

    * **includeDDL (toggle)**: Optional configuration to toggle the DDL Statements ingestion.

    * **queryLogDuration (Optional)**: Configuration to tune how far we want to look back in query logs to process Stored Procedures results.

    * **queryParsingTimeoutLimit (Optional)**: Configuration to set the timeout for parsing the query in seconds.

    * **useFqnForFiltering (toggle)**: Regex will be applied on fully qualified name (e.g service\_name.db\_name.schema\_name.table\_name) instead of raw name (e.g. table\_name).

    * **Incremental (Beta)**: Use Incremental Metadata Extraction after the first execution. This is done by getting the changed tables instead of all of them. **Only Available for BigQuery, Redshift and Snowflake**
      * **Enabled**: If `True`, enables Metadata Extraction to be Incremental.
      * **lookback Days**: Number of days to search back for a successful pipeline run. The timestamp of the last found successful pipeline run will be used as a base to search for updated entities.
      * **Safety Margin Days**: Number of days to add to the last successful pipeline run timestamp to search for updated entities.

    * **Threads (Beta)**: Use a Multithread approach for Metadata Extraction. You can define here the number of threads you would like to run concurrently.

    Note that the right-hand side panel in the OpenMetadata UI will also share useful documentation when configuring the ingestion.
  </Step>

  <Step title="Schedule the Ingestion and Deploy">
    Scheduling can be set up at an hourly, daily, weekly, or manual cadence. The
    timezone is in UTC. Select a Start Date to schedule for ingestion. It is
    optional to add an End Date.

    Review your configuration settings. If they match what you intended,
    click Deploy to create the service and schedule metadata ingestion.

    If something doesn't look right, click the Back button to return to the
    appropriate step and change the settings as needed.

    After configuring the workflow, you can click on Deploy to create the
    pipeline.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/openmetadata/public/images/connectors/schedule.png" alt="Schedule the Workflow" />
  </Step>

  <Step title="View the Ingestion Pipeline">
    Once the workflow has been successfully deployed, you can view the
    Ingestion Pipeline running from the Service Page.

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/openmetadata/public/images/connectors/view-ingestion-pipeline.png" alt="View Ingestion Pipeline" />

    <Tip>
      If AutoPilot is enabled, workflows like usage tracking, data lineage, and similar tasks will be handled automatically. Users don’t need to set up or manage them - AutoPilot takes care of everything in the system.
    </Tip>
  </Step>
</Steps>

### Incomplete Column Level for Views

For views with a tag or policy, you may see incorrect lineage, this can be because user may not have enough access to fetch those policies or tags. You need to grant the following privileges in order to fix it.
Check out the [Snowflake docs](https://docs.snowflake.com/en/sql-reference/functions/get_ddl#usage-notes) for further details.

```
GRANT APPLY MASKING POLICY TO ROLE <role_name>;
GRANT APPLY ROW ACCESS POLICY TO ROLE <role_name>;
GRANT APPLY AGGREGATION POLICY TO ROLE <role_name>;
GRANT APPLY PROJECTION POLICY TO ROLE <role_name>;
GRANT APPLY TAG TO ROLE <role_name>;
```

Depending on your view ddl you can grant the relevant privileges as per above queries.

## Related

<Columns cols={2}>
  <Card title="Usage Workflow" href="/v1.12.x/connectors/ingestion/workflows/usage">
    Learn more about how to configure the Usage Workflow to ingest Query information from the UI.
  </Card>

  <Card title="Lineage Workflow" href="/v1.12.x/connectors/ingestion/workflows/lineage">
    Learn more about how to configure the Lineage from the UI.
  </Card>

  <Card title="Profiler Workflow" href="/v1.12.x/how-to-guides/data-quality-observability/profiler/profiler-workflow">
    Learn more about how to configure the Data Profiler from the UI.
  </Card>

  <Card title="Data Quality Workflow" href="/v1.12.x/how-to-guides/data-quality-observability/quality/configure">
    Learn more about how to configure the Data Quality tests from the UI.
  </Card>

  <Card title="dbt Integration" href="/v1.12.x/connectors/database/dbt">
    Learn more about how to ingest dbt models' definitions and their lineage.
  </Card>
</Columns>