Canvas Docs
  • GETTING STARTED
    • Our docs have moved
    • Connect your data
      • App and database connectors
      • Snowflake
      • BigQuery
      • Redshift
      • Postgres
        • Use an SSH tunnel
      • Static IP Addresses
      • dbt
        • dbt Cloud
        • dbt via GitHub
    • Create your first canvas
    • Onboarding your team
  • Building canvases
    • Import data
    • Formulas
    • SQL
    • Joins
    • Pivot tables
    • Charts
    • Filters
      • Date filters
      • Text search filters
      • Multi-select filters
    • Canvas API
    • Events API
    • Embed Login API
  • Embeds
    • Public Embeds
    • Scopes
    • Walkthrough
    • PowerPoint embeds
  • Managing users
    • Assigning permissions
  • Security
    • Data security
    • Bug bounty program
    • Privacy policy
    • Terms of service
Powered by GitBook
On this page
  • Account ID
  • Username and Password
  • Database
  • Warehouse
  1. GETTING STARTED
  2. Connect your data

Snowflake

Connect your Snowflake warehouse to explore and visualize your data

PreviousApp and database connectorsNextBigQuery

Last updated 2 years ago

Canvas requires the following fields to connect with your Snowflake instance:

  1. Account ID

  2. Username and Password

  3. Database

  4. Warehouse

Account ID

Every Snowflake account has a unique assigned to it. This is in the URL you use to access Snowflake. You can simply paste in the entire URL during the onboarding, for example:

Note that this URL sometimes includes a service name and region, such as:

In this case, your Snowflake account ID would include the provider and region and would be wsp61726.us-east-1.aws.

Username and Password

To display your data, Canvas requires a user with usage grants on any databases and schemas you want to access and select grants on any tables and views you want to access. Following the , we recommend creating a user for Canvas with the minimum set of permission necessary.

We recommend the following commands for creating this user:

-- change role to ACCOUNTADMIN
use role ACCOUNTADMIN;

-- create role for Canvas
create role if not exists canvas_role;
grant role canvas_role to role SYSADMIN;

-- create a user for Canvas
create user if not exists canvas_user
    password = '<password>';
grant role canvas_role to user canvas_user;
alter user canvas_user
set default_role = canvas_role;

-- change role to SSYADMIN
use role SYSADMIN;

grant usage on database <database> to role canvas_role;
grant usage on schema <database>.<schema> to role canvas_role;

-- grant select on all tables as well as all future tables
grant select on all views in schema <database>.<schema> to role canvas_role;
grant select on future views in schema <database>.<schema> to role canvas_role;
grant select on all tables in schema <database>.<schema> to role canvas_role;
grant select on future tables in schema <database>.<schema> to role canvas_role;
-- OR to grant on entire database
grant select on all tables in database <database> to role canvas_role;
grant select on future tables in database <database> to role canvas_role;
grant select on all views in database <database> to role canvas_role;
grant select on future views in database <database> to role canvas_role;

Additionally, if your Snowflake instance has a network access policy, you will need to whitelist the following IP addresses for this user:

  • 44.224.89.3

  • 35.80.194.138

  • 44.241.79.133

Once you've entered the above fields and Canvas has confirmed that your credentials work, you can select the database and warehouse that Canvas should use.

Database

Select the database that you'd like to work with in Canvas. Note that you must grant the privileges listed above for the user to access the table.

Warehouse

Select the warehouse that Canvas should use to run its queries. This can be useful to track how much usage Canvas is incurring on your instance. Note that you will need to grant the user above the USAGE privilege on this warehouse, IE:

GRANT USAGE ON WAREHOUSE CANVAS_WAREHOUSE TO ROLE CANVAS_ROLE;
Account Identifier
https://wsp61726.snowflakecomputing.com/console/login#/
https://aws.us-east-1.wsp61726.snowflakecomputing.com/console/login#/
principle of least privilege