❄️Snowflake
How does Rasgo work with Snowflake?
Rasgo is a metadata-only product, meaning all of your actual data stay in your data warehouse and Rasgo queries it there via dynamically generating SQL.
Rasgo performs reads-only operations in your Snowflake env:
Rasgo reads the information schema for tables and columns it has access to
Rasgo dynamically generates and executes SQL on behalf of the user to analyze data
Connecting to Snowflake
IP Restrictions
Rasgo will always connect to your Snowflake account from these IP addresses. Make sure to whitelist them if you have networking restrictions enabled in Snowflake.
54.84.138.60
54.84.66.109
Credentials
Rasgo can use 2 different types of user credentials to authenticate to and execute SQL queries in your Snowflake account:
Service Account
End User Credentials (via Snowflake OAuth)
Service Account Credentials
Rasgo needs service account user credentials to authenticate to and execute SQL queries in your account. The role you assign to this user will also need access to the source tables or views that you want to transform and visualize in Rasgo.
Here's a setup script to run in Snowflake to create the service account user, if you don't already have one:
When connecting Rasgo to your Snowflake account, you'll need to provide this info:
Database
Snowflake database to create new views and tables in
RASGO
Warehouse
Compute warehouse to use in Snowflake to run SQL
RASGO_WH
Schema
Schema to create new views and tables in
PUBLIC
Role
Snowflake role for the user to use
RASGO
User
Snowflake username
RASGO_USER
Password
Snowflake password
i<3rasgo
(Optional) Snowflake OAuth Credentials
To allow users to login with their own Snowflake credentials, and authenticate via an OAuth token with Rasgo, you will need to run the following script Snowflake and enter the values in your Organization's Admin screen.
After configuring OAuth Credentials, Rasgo users will go through the following steps:
Sign in to Rasgo
Rasgo will redirect them to Snowflake to authenticate
After successfully authenticating with Snowflake, Snowflake redirects to Rasgo and passes a temporary OAuth token
Rasgo will use this OAuth token to issue queries on behalf of the user
Unless the user provides a specific role to use within Rasgo, Rasgo will use their default role according to Snowflake. Please make sure that this default role has the necessary permissions to use Rasgo.
If users ever need to change the role that Rasgo is using for them, they can do so within the "My Account" page in the App.
(Optional) Set up an External Stage for downloads
Rasgo can use an External Stage to download .csv files to a private Cloud Storage location you set up.
If you choose this option, the following things are needed:
Create an External Stage in your Snowflake account (NOTE: The stage should be located in the database.schema you entered with your Service Account credentials)
Grant
USAGE
access on the Stage to the Snowflake Service Account you set up aboveEnter the Stage name into the Rasgo Admin Settings Screen
If you choose to export files to an External Stage, all queries that copy the data will be run by your Snowflake Service Account (even if you have OAuth user access configured).
Ensure that your Service Account has access to all the data objects it will need to export, and usage access to the stage.
Success!
Configuration is complete! You're ready to start using Rasgo.
Last updated