❄

Snowflake

How does Rasgo work with Snowflake?
Rasgo is a metadata-only product, meaning all of your actual rows and columns stay in your data warehouse and Rasgo interacts with your data via dynamically generating SQL.
Rasgo performs both reads and writes to Snowflake:
Rasgo catalogs tables and views in any database it has access to
Rasgo dynamically generates and executes SQL on behalf of the user to transform and analyze data
Rasgo can publish new tables and views into a single Snowflake database
Connecting to Snowflake
IP Restrictions
Rasgo will always connect to your Snowflake account from these IP addresses. Make sure to whitelist them if you have networking restrictions enabled in Snowflake.
IP Address
54.84.138.60
54.84.66.109
Credentials
Rasgo can use 2 different types of user credentials to authenticate to and execute SQL queries in your Snowflake account:
1.Service Account
2.End User Credentials (via Snowflake OAuth)
Service Account Credentials
Rasgo needs service account user credentials to authenticate to and execute SQL queries in your account. The role you assign to this user will also need access to the source tables or views that you want to transform and visualize in Rasgo.
Here's a setup script to run in Snowflake to create the service account user, if you don't already have one:
Snowflake Setup Script
----------------------
  -- Create Role
  ----------------------
  USE ROLE USERADMIN;
  CREATE ROLE IF NOT EXISTS RASGO;
​
  USE ROLE SECURITYADMIN;
  GRANT ROLE RASGO TO ROLE SYSADMIN;
​
  ----------------------
  --Create DB & WH
  ----------------------
  USE ROLE SYSADMIN;
  CREATE WAREHOUSE IF NOT EXISTS RASGO_WH WITH WAREHOUSE_SIZE = 'LARGE' WAREHOUSE_TYPE = 'STANDARD' AUTO_SUSPEND = 300 AUTO_RESUME = TRUE;
  CREATE DATABASE IF NOT EXISTS RASGO;
​
  ----------------------
  -- Manage Grants
  ----------------------
  USE ROLE SYSADMIN;
  GRANT OPERATE, USAGE ON WAREHOUSE RASGO_WH TO ROLE RASGO;
  GRANT USAGE ON DATABASE RASGO TO ROLE RASGO;
  GRANT USAGE ON SCHEMA RASGO.PUBLIC TO ROLE RASGO;
  GRANT CREATE TABLE, CREATE VIEW, CREATE STAGE ON SCHEMA RASGO.PUBLIC TO ROLE RASGO;
  GRANT SELECT ON ALL TABLES IN DATABASE RASGO TO ROLE RASGO;
  GRANT SELECT ON ALL VIEWS IN DATABASE RASGO TO ROLE RASGO;
​
  USE ROLE ACCOUNTADMIN;
  GRANT SELECT ON FUTURE TABLES IN DATABASE RASGO TO ROLE RASGO;
  GRANT SELECT ON FUTURE VIEWS IN DATABASE RASGO TO ROLE RASGO;
​
  ----------------------
  -- Grant Data Access
  ----------------------
  USE ROLE SYSADMIN;
  -- Option 1: Grant access to a schema
  GRANT USAGE ON DATABASE <YOUR_DB> TO ROLE RASGO;
  GRANT USAGE ON SCHEMA <YOUR_DB>.<YOUR_SCHEMA> TO ROLE RASGO;
  GRANT SELECT ON ALL TABLES IN SCHEMA <YOUR_DB>.<YOUR_SCHEMA> TO ROLE RASGO;
  -- Option 2: Grant access to individual tables
  GRANT USAGE ON DATABSE <YOUR_DB> TO ROLE RASGO;
  GRANT USAGE ON SCHEMA <YOUR_SCHEMA> TO ROLE RASGO;
  GRANT SELECT ON TABLE <YOUR_DB>.<YOUR_SCHEMA>.<YOUR_TABLE> TO ROLE RASGO;
​
  ----------------------
  -- Create Service Account
  ----------------------
  USE ROLE USERADMIN;
  CREATE USER IF NOT EXISTS RASGOSA
    PASSWORD = '***'
    MUST_CHANGE_PASSWORD = FALSE
    DEFAULT_NAMESPACE = RASGO
    DEFAULT_WAREHOUSE = RASGO_WH
    DEFAULT_ROLE = RASGO;
  -- MANUAL STEP: Share user & password with Rasgo (needed for SSM key)
​
  USE ROLE SECURITYADMIN;
  GRANT ROLE RASGO TO USER RASGOSA;
When connecting Rasgo to your Snowflake account, you'll need to provide this info:
Field
Description
Example
Account
Snowflake account identifier, as described here​
abc12345.snowflakecomputing.com
Database
Snowflake database to create new views and tables in
RASGO
Warehouse
Compute warehouse to use in Snowflake to run SQL
RASGO_WH
Schema
Schema to create new views and tables in
PUBLIC
Role
Snowflake role for the user to use
RASGO
User
Snowflake username
RASGO_USER
Password
Snowflake password
i<3rasgo
Snowflake OAuth Credentials
To allow users to login with their own Snowflake credentials, and authenticate via an OAuth token with Rasgo, you will need to run the following script as the ACCOUNT ADMIN in snowflake and then contact us directly to work through enabling SSO on your Rasgo account.
SSO Setup Script
  ------------------------
  -- Add OAUTH Integration
  ------------------------
CREATE SECURITY INTEGRATION RASGO_OAUTH_INT
  TYPE = OAUTH
  ENABLED = TRUE
  OAUTH_CLIENT = CUSTOM
  OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
  OAUTH_REDIRECT_URI = 'https://app.rasgoml.com/account/integration/snowflake'
  OAUTH_ISSUE_REFRESH_TOKENS = TRUE
  OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;
​
  ------------------------
  -- Show Client ID and Secret to give to Rasgo
  ------------------------
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('RASGO_OAUTH_INT');
After configuring OAuth Credentials, Rasgo users will go through the following steps:
1.Sign in to Rasgo
2.Rasgo will redirect them to Snowflake to authenticate
3.After successfully authenticating with Snowflake, Snowflake redirects to Rasgo and passes a temporary OAuth token
4.Rasgo will use this OAuth token to issue queries on behalf of the user
Unless the user provides a specific role to use within Rasgo, Rasgo will use their default role according to Snowflake. Please make sure that this default role has the necessary permissions to use Rasgo.
If users ever need to change the role that Rasgo is using for them, they can do so within the "My Account" page in the App.
Success!
Configuration is complete! You're ready to start using Rasgo. Next up is importing tables:
Connect Rasgo to your Data

IP Address
54.84.138.60
54.84.66.109

Field	Description	Example
Account	Snowflake account identifier, as described here	abc12345.snowflakecomputing.com
Database	Snowflake database to create new views and tables in	RASGO
Warehouse	Compute warehouse to use in Snowflake to run SQL	RASGO_WH
Schema	Schema to create new views and tables in	PUBLIC
Role	Snowflake role for the user to use	RASGO
User	Snowflake username	RASGO_USER
Password	Snowflake password	i<3rasgo

What's New

Next - Integrations

BigQuery

Last modified 1mo ago