Skip to content
Reeflow
Start Building

Snowflake

Connect to Snowflake using the SQL API v2 authenticated by a Programmatic Access Token (PAT).

Before creating a connection, you need:

  1. A Snowflake account with at least one warehouse and database
  2. A user that owns a Programmatic Access Token (PAT) with read-only privileges
  3. The user must have access to the warehouse, database, and schemas you want to query
Section titled “Creating a read-only role and user (optional, recommended)”

For least-privilege access, we recommend creating a dedicated role and user for Reeflow rather than reusing an admin account. Snowflake’s access control best practices cover this in more depth.

Run the following as ACCOUNTADMIN, customising the role, user, warehouse, and database names to match your environment:

USE ROLE ACCOUNTADMIN;

-- Dedicated role for Reeflow
CREATE ROLE IF NOT EXISTS REEFLOW_READER;

-- Dedicated user
CREATE USER IF NOT EXISTS REEFLOW_READER
DEFAULT_ROLE = REEFLOW_READER
DEFAULT_WAREHOUSE = COMPUTE_WH
MUST_CHANGE_PASSWORD = FALSE;
GRANT ROLE REEFLOW_READER TO USER REEFLOW_READER;

-- Warehouse, database, and schema usage
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE REEFLOW_READER;
GRANT USAGE ON DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT USAGE ON ALL SCHEMAS IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;

-- Read access on existing and future tables / views
GRANT SELECT ON ALL TABLES IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT SELECT ON FUTURE TABLES IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT SELECT ON ALL VIEWS IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT SELECT ON FUTURE VIEWS IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT SELECT ON ALL MATERIALIZED VIEWS IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;
GRANT SELECT ON FUTURE MATERIALIZED VIEWS IN DATABASE ANALYTICS TO ROLE REEFLOW_READER;

Reeflow authenticates with Snowflake using a Programmatic Access Token (PAT), Snowflake’s recommended credential for service integrations.

  1. Sign in to Snowsight as ACCOUNTADMIN
  2. Navigate to Governance & Security → Users & Roles → Users
  3. Click on the user that will own the token (e.g. REEFLOW_READER)
  4. In the Programmatic access tokens section, click Generate token
  5. Set a descriptive name (e.g. reeflow_pat) and an appropriate expiration
  6. Copy the token value. Snowflake will not show it again

When creating a Snowflake connection in Reeflow, provide the following:

FieldDescription
AccountSnowflake account identifier. Find it in Snowsight under your user profile: Account → View account details → Account Identifier (e.g. MYORG-MYACCOUNT or xy12345.us-east-1).
UsernameThe Snowflake user that owns the PAT. Find it in Snowsight under Settings → Profile → Username.
Programmatic Access TokenThe PAT generated above
WarehouseDefault warehouse used to execute queries
DatabaseDefault database queries are issued against
SchemaOptional default schema. Defaults to PUBLIC when omitted.
RoleOptional default role. Defaults to the user’s default role when omitted.

Create a Snowflake connection

Add a Snowflake account as a data source in Reeflow.

Navigate to Connections in the main navigation, then click New Connection.

Enter a Name for the connection and an optional Description.

Select Snowflake as the connection type.

Enter your Snowflake Account, Username, Programmatic Access Token, Warehouse, Database, and (optionally) Schema and Role.

Click Test Connection to verify your credentials are correct.

Click Create Connection to save. The connection appears in your connections list.