Snowflake Integration
Snowflake Integration Guide
This document describes how to integrate the Rezonate product with Snowflake. The integration provides IAM observability into users, groups, roles, and resources, as well as detection of different security risks and threats.
Integration Steps (on the Snowflake Side)
To integrate, log in as a privileged user and perform the following actions:
Create a new role for Rezonate integration
CREATE ROLE rezonate_integration
COMMENT = 'Rezonate Integration Role';
Create a new user for Rezonate to log in with and use the role. Replace PLEASE-PUT-YOUR-PASSWORD-HERE with a random string that will be used as the password.
CREATE OR REPLACE USER rezonate_integration_user
DISABLED = false
MUST_CHANGE_PASSWORD = false
DEFAULT_ROLE = rezonate_integration
COMMENT = 'rezonate_integration_user'
LOGIN_NAME = 'rezonate_integration_user'
PASSWORD = 'PLEASE-PUT-YOUR-PASSWORD-HERE';
For certificate-based authentication, execute the following instead:
CREATE OR REPLACE USER rezonate_integration_user
DISABLED = false
MUST_CHANGE_PASSWORD = false
DEFAULT_ROLE = rezonate_integration
COMMENT ='rezonate_integration_user'
LOGIN_NAME = 'rezonate_integration_user'
RSA_PUBLIC_KEY='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5+IBytPTbsKs3ajcn7H
Mhy5JpmQmiqMWKfiJCa1iFYBnEnOHS/ZzUpkZRXflWoOYGnKyPlqSFOW14EJvec2
iBODm36nD6z7dFz3q9tBjzjjLRPDWwLSScBkIv5Zx5QzopcNoZDa0FyEe72Jk99+
e5Xxr+Hy+zmX3+/Fv0HPbWmG6IQXCN6V1uLY5B4V2xo0PFDFUw7pnGzYTQhmn3VT
+SJEJ9i3FY6ZPcjUjfz1UP+v1KJO7ZbQANqHLwDMv5j0ETvRNdj6MtAjRo9kwZl1
PIXFbRYYtFAo2nf+qqmOtQc7NSqgT+uKcfnFjzyt9Salzf3ISSu2r6XXOh8+cBUg
KwIDAQAB';
Grant Rezonate the privileges to query the metadata database (the shared SNOWFLAKE database):
GRANT IMPORTED PRIVILEGES ON DATABASE snowflake TO ROLE rezonate_integration;
Grant Rezonate the USAGE privilege on a warehouse. Replace $WAREHOUSE_NAME_HERE$ with one of the warehouses in the database.
GRANT USAGE ON WAREHOUSE $WAREHOUSE_NAME_HERE$ TO ROLE rezonate_integration;
Grant MONITOR access (to support querying federation information and security settings):
USE DATABASE SNOWFLAKE;
GRANT MONITOR ON ACCOUNT TO ROLE rezonate_integration;
GRANT APPLICATION ROLE TRUST_CENTER_VIEWER TO ROLE rezonate_integration;
Grant the Rezonate user the ability to use the Rezonate role:
GRANT ROLE rezonate_integration TO USER rezonate_integration_user;
You will also need to provide the URL for your tenant ID. To get its value, go to Settings, then Tenant information, and click "Copy link" to show your URL.
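Before handing the credentials to Rezonate, it is worth confirming that the role and user hold exactly what the steps above granted and nothing more. The following check is an added example, not part of Rezonate's own documentation; the allow-list of privilege names in step 2 is an assumption about how the grants are displayed and should be compared against the unfiltered output of step 1. Steps 2 and 3 are expected to return no rows.

```sql
-- Added verification example (not from the Rezonate documentation).
-- Run as the same privileged user that performed the steps above.

-- 1. List every privilege currently held by the integration role.
SHOW GRANTS TO ROLE rezonate_integration;

-- 2. Filter that listing down to anything this guide did not ask for.
--    Assumption: the guide's grants are displayed as USAGE, MONITOR and
--    IMPORTED PRIVILEGES; adjust the list if step 1 shows other names.
--    Replace $WAREHOUSE_NAME_HERE$ with the warehouse you granted.
SELECT "privilege", "granted_on", "name", "grant_option", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "privilege" NOT IN ('USAGE', 'MONITOR', 'IMPORTED PRIVILEGES')
   OR "grant_option"::STRING ILIKE 'true'        -- role could re-grant
   OR ("granted_on" = 'WAREHOUSE'
       AND UPPER("name") <> UPPER('$WAREHOUSE_NAME_HERE$'));

-- 3. Roles granted to the integration user: only rezonate_integration
--    should be present, so this query should return no rows.
SHOW GRANTS TO USER rezonate_integration_user;
SELECT "role", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE UPPER("role") <> 'REZONATE_INTEGRATION';

-- 4. Review the user's login-related properties. RSA_PUBLIC_KEY_FP is
--    populated only when the certificate-based variant was used.
DESCRIBE USER rezonate_integration_user;
SELECT "property", "value"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" IN ('DEFAULT_ROLE', 'DISABLED',
                     'MUST_CHANGE_PASSWORD', 'RSA_PUBLIC_KEY_FP');
```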
Integrating the Created User with Rezonate
After creating the required privileges, go to the Rezonate integration screen, select Snowflake, and fill in the following information:
username: created username (rezonate is default)
password: your selected password (if you selected Certificate, you will need to fill in the public key instead)
account: your Snowflake ID, in the following format: account.region
warehouse: the warehouse that was enabled for the user
role: the created role name (default is rezonate_integration)