Snowflake Direct Connect
Note:
Network policies differ between customers and how their architecture is set up. You may need to apply a network policy allowing DataBee to talk to your Snowflake instance. For a list of IP addresses that need to be whitelisted, contact DataBee Support or reach out to your Technical Account Manager.
To learn more about configuring the Snowflake Network Policy, see Create Network Policy.
Key Pair Setup
DataBee connects to Snowflake using a secure key-pair authentication mechanism. Before configuring your Snowflake environment, you will need to generate a key pair for the connection. This 2-step process generates a private encrypted key and a public key. To generate the private key you can run the following openssl command:
openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8Private Key Password
This command will ask you to setup a password to protect the private key. DO NOT LOSE this password or you will be unable to complete the Snowflake connection.
To generate the public key that matches the private key created above you can use this openssl command:
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pubPassword Input
This command requests the same password you used to create the private key.
You will use this public key when setting up the user in Snowflake and the private key and password when connecting in the DataBee UI. Click on Key-pair authentication with Snowflake for more details.
Snowflake Setup
Prior to configuring your Snowflake connection in DataBee, your Snowflake administrator must perform the steps in the script below:
Step 1: Creating Role
-- Creating Role
USE ROLE ACCOUNTADMIN;
create ROLE CTSCYBER_RL comment = 'Role created for Comcast to manage the connected app product' ;
USE ROLE ACCOUNTADMIN;
grant OWNERSHIP on ROLE CTSCYBER_RL to ROLE SYSADMIN;
USE ROLE SYSADMIN;
GRANT ROLE CTSCYBER_RL to ROLE SYSADMIN;Step 2: Creating Warehouse
-- Creating Warehouse
USE ROLE SYSADMIN;
CREATE OR REPLACE WAREHOUSE CTSCYBER_WH
WITH WAREHOUSE_SIZE = SMALL -- default as XSMALL [| SMALL | MEDIUM | LARGE | XLARGE | XXLARGE | XXXLARGE | X4LARGE | X5LARGE | X6LARGE]
MAX_CLUSTER_COUNT = 2 -- default to 2
MIN_CLUSTER_COUNT = 1 -- default to 1
SCALING_POLICY = STANDARD -- always default to STANDARD [| ECONOMY]
AUTO_SUSPEND = 60 -- warehouses automatically bill for the first minute, so we default to 60 second suspension
AUTO_RESUME = TRUE -- always default to TRUE [| FALSE]
INITIALLY_SUSPENDED = TRUE -- always default to TRUE [| FALSE]
COMMENT = 'This warehouse is utilized by the DataBee team to load and monitor data in your SF account'
STATEMENT_QUEUED_TIMEOUT_IN_SECONDS = 1800 -- default to 30 min
STATEMENT_TIMEOUT_IN_SECONDS = 3600 -- default to 60 min
;
USE ROLE ACCOUNTADMIN;
GRANT USAGE ON WAREHOUSE CTSCYBER_WH TO ROLE CTSCYBER_RL;Step 3: Creating Database
-- Creating Database
USE ROLE SYSADMIN;
CREATE DATABASE CTSCYBER_DB
COMMENT = 'Database used for/by DataBee';
USE ROLE SYSADMIN;
GRANT OWNERSHIP ON DATABASE CTSCYBER_DB TO CTSCYBER_RL COPY CURRENT GRANTS;
GRANT USAGE on database CTSCYBER_DB TO CTSCYBER_RL;Step 4: Add Users
-- Add Users
USE ROLE ACCOUNTADMIN;
CREATE OR REPLACE USER SVC_CTSCYBER
LOGIN_NAME = 'SVC_CTSCYBER'
RSA_PUBLIC_KEY = 'MIIBIjANBgkqh...' -- replace this with the public key you created for this user
DISPLAY_NAME = 'SVC USER CTSCYBER'
FIRST_NAME = ''
LAST_NAME = ''
DEFAULT_WAREHOUSE = 'CTSCYBER_WH' -- default warehouse
DEFAULT_NAMESPACE = 'CTSCYBER_DB' --default database
DEFAULT_ROLE = 'CTSCYBER_RL' --default role
MUST_CHANGE_PASSWORD=FALSE;Step 5: Grant default role
-- Grant default role
USE ROLE ACCOUNTADMIN;
GRANT ROLE CTSCYBER_RL TO USER SVC_CTSCYBER;
ALTER USER SVC_CTSCYBER SET DEFAULT_ROLE = CTSCYBER_RL;Step 6: Grant task permissions
-- Grant task permissions
USE ROLE ACCOUNTADMIN;
GRANT EXECUTE TASK, EXECUTE MANAGED TASK ON ACCOUNT TO ROLE CTSCYBER_RL;After running the script, click the Grant Role button located at the bottom-right corner of the page.
Snowflake Configuration in DataBee
You can load and search your security data into a cloud-based data warehousing platform like Snowflake using DataBee.
Click on the settings icon at the top right corner of the portal, and from the dropdown menu select System.
.png?sv=2022-11-02&spr=https&st=2026-05-21T17%3A52%3A24Z&se=2026-05-21T18%3A06%3A24Z&sr=c&sp=r&sig=eVgnuLKE%2B%2BFWfvflWT3cClXE6jv4RenvfXyR3BH%2F2Tw%3D)
On the left panel, click the Data Lakes button.
Select the Snowflake button, which takes you to the "Snowflake” configuration page.
Key Pair Setup
DataBee connects to Snowflake using a secure key-pair authentication mechanism. Before configuring your Snowflake environment, you will need to generate a key pair for the connection. This 2-step process generates a private encrypted key and a public key. Click Copy to clipboard to copy the openssl commands to generate the private key and public key pair. Click Next to proceed.
Note:
This step can be skipped if the Key Pair Setup step above was completed previously.
Snowflake Setup
Prior to configuring your Snowflake connection in DataBee, your Snowflake administrator must perform the steps in the script shown here. Click Copy to clipboard to save it. Click Next to proceed.
Note:
These steps overlap with Configuration Steps 1-6 above, and can be skipped, if that was already completed.
Data Lake Account Details
You can create a new Snowflake connection in DataBee by entering the details for the following connection parameters.
Account Identifier: your account identifier e.g., companyname.us-east-1.
Username: your Snowflake username for authentication (The database name is case sensitive).
Database: database to use for backend storage.
Warehouse: Compute resource cluster to use for this application.
Role: user account role to use when interacting with the Snowflake cluster.
Private Key: the private key for key pair authentication.
Private Key Password: Snowflake password for the key pair authentication.
Snowflake Case Sensitivity
Many of these fields are required to be uppercase in Snowflake. If you run into issues connecting, try with an uppercase Username, Database, Warehouse, and Role.
Broken Connection
If any of these fields are changed in Snowflake (ex., a user is renamed), then the DataBee connection will break. Any changes to the Snowflake identifiers also require updating this connection in the DataBee UI.
Click on the Test Connectivity button to ensure that DataBee can successfully connect to your Snowflake account. If the test is successful, click on the Submit button to save the Snowflake connection details in DataBee.