Skip to main content

Snowflake

Snowflake Ingestion through the UI

The following video shows you how to ingest Snowflake metadata through the UI.

Read on if you are interested in ingesting Snowflake metadata using the datahub cli, or want to learn about all the configuration parameters that are supported by the connectors.

Module snowflake

Certified

Important Capabilities

CapabilityStatusNotes
Asset ContainersEnabled by default
Column-level LineageEnabled by default, can be disabled via configuration include_column_lineage
Data ProfilingOptionally enabled via configuration profiling.enabled
Dataset UsageEnabled by default, can be disabled via configuration `include_usage_stats
DescriptionsEnabled by default
Detect Deleted EntitiesOptionally enabled via stateful_ingestion.remove_stale_metadata
DomainsSupported via the domain config field
Extract TagsOptionally enabled via extract_tags
Platform InstanceEnabled by default
Schema MetadataEnabled by default
Table-Level LineageEnabled by default, can be disabled via configuration include_table_lineage and include_view_lineage

Prerequisites

In order to execute this source, your Snowflake user will need to have specific privileges granted to it for reading metadata from your warehouse.

Snowflake system admin can follow this guide to create a DataHub-specific role, assign it the required privileges, and assign it to a new DataHub user by executing the following Snowflake commands from a user with the ACCOUNTADMIN role or MANAGE GRANTS privilege.

create or replace role datahub_role;

// Grant access to a warehouse to run queries to view metadata
grant operate, usage on warehouse "<your-warehouse>" to role datahub_role;

// Grant access to view database and schema in which your tables/views exist
grant usage on DATABASE "<your-database>" to role datahub_role;
grant usage on all schemas in database "<your-database>" to role datahub_role;
grant usage on future schemas in database "<your-database>" to role datahub_role;

// If you are NOT using Snowflake Profiling or Classification feature: Grant references privileges to your tables and views
grant references on all tables in database "<your-database>" to role datahub_role;
grant references on future tables in database "<your-database>" to role datahub_role;
grant references on all external tables in database "<your-database>" to role datahub_role;
grant references on future external tables in database "<your-database>" to role datahub_role;
grant references on all views in database "<your-database>" to role datahub_role;
grant references on future views in database "<your-database>" to role datahub_role;

// If you ARE using Snowflake Profiling or Classification feature: Grant select privileges to your tables
grant select on all tables in database "<your-database>" to role datahub_role;
grant select on future tables in database "<your-database>" to role datahub_role;
grant select on all external tables in database "<your-database>" to role datahub_role;
grant select on future external tables in database "<your-database>" to role datahub_role;

// Create a new DataHub user and assign the DataHub role to it
create user datahub_user display_name = 'DataHub' password='' default_role = datahub_role default_warehouse = '<your-warehouse>';

// Grant the datahub_role to the new DataHub user.
grant role datahub_role to user datahub_user;

The details of each granted privilege can be viewed in snowflake docs. A summarization of each privilege, and why it is required for this connector:

  • operate is required on warehouse to execute queries
  • usage is required for us to run queries using the warehouse
  • usage on database and schema are required because without it tables and views inside them are not accessible. If an admin does the required grants on table but misses the grants on schema or the database in which the table/view exists then we will not be able to get metadata for the table/view.
  • If metadata is required only on some schemas then you can grant the usage privilieges only on a particular schema like
grant usage on schema "<your-database>"."<your-schema>" to role datahub_role;

This represents the bare minimum privileges required to extract databases, schemas, views, tables from Snowflake.

If you plan to enable extraction of table lineage, via the include_table_lineage config flag, extraction of usage statistics, via the include_usage_stats config, or extraction of tags (without lineage), via the extract_tags config, you'll also need to grant access to the Account Usage system tables, using which the DataHub source extracts information. This can be done by granting access to the snowflake database.

grant imported privileges on database snowflake to role datahub_role;

Caveats

  • Some of the features are only available in the Snowflake Enterprise Edition. This doc has notes mentioning where this applies.
  • The underlying Snowflake views that we use to get metadata have a latency of 45 minutes to 3 hours. So we would not be able to get very recent metadata in some cases like queries you ran within that time period etc.
  • If there is any incident going on for Snowflake we will not be able to get the metadata until that incident is resolved.

CLI based Ingestion

Install the Plugin

pip install 'acryl-datahub[snowflake]'

Starter Recipe

Check out the following recipe to get started with ingestion! See below for full configuration options.

For general pointers on writing and running a recipe, see our main recipe guide.

source:
type: snowflake
config:
# This option is recommended to be used to ingest all lineage
ignore_start_time_lineage: true

# Coordinates
account_id: "abc48144"
warehouse: "COMPUTE_WH"

# Credentials
username: "${SNOWFLAKE_USER}"
password: "${SNOWFLAKE_PASS}"
role: "datahub_role"

# (Optional) Uncomment and update this section to filter ingested datasets
# database_pattern:
# allow:
# - "^ACCOUNTING_DB$"
# - "^MARKETING_DB$"

profiling:
# Change to false to disable profiling
enabled: true
# This option is recommended to reduce profiling time and costs.
turn_off_expensive_profiling_metrics: true

# (Optional) Uncomment and update this section to filter profiled tables
# profile_pattern:
# allow:
# - "ACCOUNTING_DB.*.*"
# - "MARKETING_DB.*.*"

# Default sink is datahub-rest and doesn't need to be configured
# See https://datahubproject.io/docs/metadata-ingestion/sink_docs/datahub for customization options

Config Details

Note that a . is used to denote nested fields in the YAML recipe.

View All Configuration Options
Field [Required]TypeDescriptionDefaultNotes
account_id [✅]stringSnowflake account identifier. e.g. xy12345, xy12345.us-east-2.aws, xy12345.us-central1.gcp, xy12345.central-us.azure, xy12345.us-west-2.privatelink. Refer Account Identifiers for more details.None
apply_view_usage_to_tables [✅]booleanAllow/deny patterns for views in snowflake dataset names.None
authentication_type [✅]stringThe type of authenticator to use when connecting to Snowflake. Supports "DEFAULT_AUTHENTICATOR", "EXTERNAL_BROWSER_AUTHENTICATOR" and "KEY_PAIR_AUTHENTICATOR".DEFAULT_AUTHENTICATOR
bucket_duration [✅]EnumSize of the time window to aggregate usage stats.DAY
check_role_grants [✅]booleanNot supportedNone
connect_args [✅]objectConnect args to pass to Snowflake SqlAlchemy driverNone
convert_urns_to_lowercase [✅]booleanTrue
email_domain [✅]stringEmail domain of your organisation so users can be displayed on UI appropriately.None
end_time [✅]string(date-time)Latest date of usage to consider. Default: Current time in UTCNone
extract_tags [✅]EnumOptional. Allowed values are without_lineage, with_lineage, and skip (default). without_lineage only extracts tags that have been applied directly to the given entity. with_lineage extracts both directly applied and propagated tags, but will be significantly slower. See the Snowflake documentation for information about tag lineage/propagation.skip
format_sql_queries [✅]booleanWhether to format sql queriesNone
ignore_start_time_lineage [✅]booleanNone
include_column_lineage [✅]booleanIf enabled, populates the column lineage. Supported only for snowflake table-to-table and view-to-table lineage edge (not supported in table-to-view or view-to-view lineage edge yet). Requires appropriate grants given to the role.True
include_external_url [✅]booleanWhether to populate Snowsight url for Snowflake ObjectsTrue
include_operational_stats [✅]booleanWhether to display operational stats.True
include_read_operational_stats [✅]booleanWhether to report read operational stats. Experimental.None
include_table_lineage [✅]booleanIf enabled, populates the snowflake table-to-table and s3-to-snowflake table lineage. Requires appropriate grants given to the role and Snowflake Enterprise Edition or above.True
include_table_location_lineage [✅]booleanIf the source supports it, include table lineage to the underlying storage location.True
include_tables [✅]booleanWhether tables should be ingested.True
include_technical_schema [✅]booleanIf enabled, populates the snowflake technical schema and descriptions.True
include_top_n_queries [✅]booleanWhether to ingest the top_n_queries.True
include_usage_stats [✅]booleanIf enabled, populates the snowflake usage statistics. Requires appropriate grants given to the role.True
include_view_lineage [✅]booleanIf enabled, populates the snowflake view->table and table->view lineages (no view->view lineage yet). Requires appropriate grants given to the role, and include_table_lineage to be True. view->table lineage requires Snowflake Enterprise Edition or above.True
include_views [✅]booleanWhether views should be ingested.True
match_fully_qualified_names [✅]booleanWhether schema_pattern is matched against fully qualified schema name <catalog>.<schema>.None
options [✅]objectAny options specified here will be passed to SQLAlchemy's create_engine as kwargs. See https://docs.sqlalchemy.org/en/14/core/engines.html#sqlalchemy.create_engine for details.None
password [✅]string(password)Snowflake password.None
platform_instance [✅]stringThe instance of the platform that all assets produced by this recipe belong toNone
private_key [✅]stringPrivate key in a form of '-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n' if using key pair authentication. Encrypted version of private key will be in a form of '-----BEGIN ENCRYPTED PRIVATE KEY-----\nencrypted-private-key\n-----END ECNCRYPTED PRIVATE KEY-----\n' See: https://docs.snowflake.com/en/user-guide/key-pair-auth.htmlNone
private_key_password [✅]string(password)Password for your private key. Required if using key pair authentication with encrypted private key.None
private_key_path [✅]stringThe path to the private key if using key pair authentication. Ignored if private_key is set. See: https://docs.snowflake.com/en/user-guide/key-pair-auth.htmlNone
role [✅]stringSnowflake role.None
scheme [✅]stringsnowflake
start_time [✅]string(date-time)Earliest date of usage to consider. Default: Last full day in UTC (or hour, depending on bucket_duration)None
store_last_profiling_timestamps [✅]booleanEnable storing last profile timestamp in store.None
store_last_usage_extraction_timestamp [✅]booleanEnable checking last usage timestamp in store.True
top_n_queries [✅]integerNumber of top queries to save to each table.10
upstream_lineage_in_report [✅]booleanNone
username [✅]stringSnowflake username.None
warehouse [✅]stringSnowflake warehouse.None
env [✅]stringThe environment that all assets produced by this connector belong toPROD
classification [✅]ClassificationConfigFor details, refer Classification.None
classification.enabled [❓ (required if classification is set)]booleanWhether classification should be used to auto-detect glossary termsNone
classification.info_type_to_term [❓ (required if classification is set)]map(str,string)None
classification.classifiers [❓ (required if classification is set)]array(object)None
classification.classifiers.config [❓ (required if classifiers is set)]objectThe configuration required for initializing the classifier. If not specified, uses defaults for classifer type.None
classification.classifiers.type [❓ (required if classifiers is set)]stringThe type of the classifier to use. For DataHub, use datahubNone
classification.column_pattern [❓ (required if classification is set)]AllowDenyPatternRegex patterns to filter columns for classification. This is used in combination with other patterns in parent config. Specify regex to match the column name in database.schema.table.column format.{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
classification.column_pattern.allow [❓ (required if column_pattern is set)]array(string)None
classification.column_pattern.deny [❓ (required if column_pattern is set)]array(string)None
classification.column_pattern.ignoreCase [❓ (required if column_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
classification.table_pattern [❓ (required if classification is set)]AllowDenyPatternRegex patterns to filter tables for classification. This is used in combination with other patterns in parent config. Specify regex to match the entire table name in database.schema.table format. e.g. to match all tables starting with customer in Customer database and public schema, use the regex 'Customer.public.customer.*'{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
classification.table_pattern.allow [❓ (required if table_pattern is set)]array(string)None
classification.table_pattern.deny [❓ (required if table_pattern is set)]array(string)None
classification.table_pattern.ignoreCase [❓ (required if table_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
database_pattern [✅]AllowDenyPattern{'allow': ['.*'], 'deny': ['^UTIL_DB$', '^SNOWFLAKE$', '^SNOWFLAKE_SAMPLE_DATA$'], 'ignoreCase': True}
database_pattern.allow [❓ (required if database_pattern is set)]array(string)None
database_pattern.deny [❓ (required if database_pattern is set)]array(string)None
database_pattern.ignoreCase [❓ (required if database_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
domain [✅]map(str,AllowDenyPattern)A class to store allow deny regexesNone
domain.key.allow [❓ (required if domain is set)]array(string)None
domain.key.deny [❓ (required if domain is set)]array(string)None
domain.key.ignoreCase [❓ (required if domain is set)]booleanWhether to ignore case sensitivity during pattern matching.True
oauth_config [✅]OauthConfigurationoauth configuration - https://docs.snowflake.com/en/user-guide/python-connector-example.html#connecting-with-oauthNone
oauth_config.authority_url [❓ (required if oauth_config is set)]stringAuthority url of your identity providerNone
oauth_config.client_id [❓ (required if oauth_config is set)]stringclient id of your registered applicationNone
oauth_config.client_secret [❓ (required if oauth_config is set)]stringclient secret of the application if use_certificate = falseNone
oauth_config.encoded_oauth_private_key [❓ (required if oauth_config is set)]stringbase64 encoded private key content if use_certificate = trueNone
oauth_config.encoded_oauth_public_key [❓ (required if oauth_config is set)]stringbase64 encoded certificate content if use_certificate = trueNone
oauth_config.provider [❓ (required if oauth_config is set)]stringIdentity provider for oauth, e.g- microsoftNone
oauth_config.scopes [❓ (required if oauth_config is set)]array(string)None
oauth_config.use_certificate [❓ (required if oauth_config is set)]booleanDo you want to use certificate and private key to authenticate using oauthNone
profile_pattern [✅]AllowDenyPatternRegex patterns to filter tables (or specific columns) for profiling during ingestion. Note that only tables allowed by the table_pattern will be considered.{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
profile_pattern.allow [❓ (required if profile_pattern is set)]array(string)None
profile_pattern.deny [❓ (required if profile_pattern is set)]array(string)None
profile_pattern.ignoreCase [❓ (required if profile_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
provision_role [✅]SnowflakeProvisionRoleConfigNot supportedNone
provision_role.admin_password [❓ (required if provision_role is set)]string(password)The password to be used for provisioning of role.None
provision_role.admin_role [❓ (required if provision_role is set)]stringThe Snowflake role of admin user used for provisioning of the role specified by role config. System admins can audit the open source code and decide to use a different role.accountadmin
provision_role.admin_username [❓ (required if provision_role is set)]stringThe username to be used for provisioning of role.None
provision_role.drop_role_if_exists [❓ (required if provision_role is set)]booleanUseful during testing to ensure you have a clean slate role. Not recommended for production use cases.None
provision_role.dry_run [❓ (required if provision_role is set)]booleanIf provision_role is enabled, whether to dry run the sql commands for system admins to see what sql grant commands would be run without actually running the grant commands.None
provision_role.enabled [❓ (required if provision_role is set)]booleanWhether provisioning of Snowflake role (used for ingestion) is enabled or not.None
provision_role.run_ingestion [❓ (required if provision_role is set)]booleanIf system admins wish to skip actual ingestion of metadata during testing of the provisioning of role.None
schema_pattern [✅]AllowDenyPatternRegex patterns for schemas to filter in ingestion. Specify regex to only match the schema name. e.g. to match all tables in schema analytics, use the regex 'analytics'{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
schema_pattern.allow [❓ (required if schema_pattern is set)]array(string)None
schema_pattern.deny [❓ (required if schema_pattern is set)]array(string)None
schema_pattern.ignoreCase [❓ (required if schema_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
table_pattern [✅]AllowDenyPatternRegex patterns for tables to filter in ingestion. Specify regex to match the entire table name in database.schema.table format. e.g. to match all tables starting with customer in Customer database and public schema, use the regex 'Customer.public.customer.*'{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
table_pattern.allow [❓ (required if table_pattern is set)]array(string)None
table_pattern.deny [❓ (required if table_pattern is set)]array(string)None
table_pattern.ignoreCase [❓ (required if table_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
tag_pattern [✅]AllowDenyPatternList of regex patterns for tags to include in ingestion. Only used if extract_tags is enabled.{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
tag_pattern.allow [❓ (required if tag_pattern is set)]array(string)None
tag_pattern.deny [❓ (required if tag_pattern is set)]array(string)None
tag_pattern.ignoreCase [❓ (required if tag_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
user_email_pattern [✅]AllowDenyPatternregex patterns for user emails to filter in usage.{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
user_email_pattern.allow [❓ (required if user_email_pattern is set)]array(string)None
user_email_pattern.deny [❓ (required if user_email_pattern is set)]array(string)None
user_email_pattern.ignoreCase [❓ (required if user_email_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
view_pattern [✅]AllowDenyPatternRegex patterns for views to filter in ingestion. Note: Defaults to table_pattern if not specified. Specify regex to match the entire view name in database.schema.view format. e.g. to match all views starting with customer in Customer database and public schema, use the regex 'Customer.public.customer.*'{'allow': ['.*'], 'deny': [], 'ignoreCase': True}
view_pattern.allow [❓ (required if view_pattern is set)]array(string)None
view_pattern.deny [❓ (required if view_pattern is set)]array(string)None
view_pattern.ignoreCase [❓ (required if view_pattern is set)]booleanWhether to ignore case sensitivity during pattern matching.True
profiling [✅]GEProfilingConfig{'enabled': False, 'limit': None, 'offset': None, 'report_dropped_profiles': False, 'turn_off_expensive_profiling_metrics': False, 'profile_table_level_only': False, 'include_field_null_count': True, 'include_field_distinct_count': True, 'include_field_min_value': True, 'include_field_max_value': True, 'include_field_mean_value': True, 'include_field_median_value': True, 'include_field_stddev_value': True, 'include_field_quantiles': False, 'include_field_distinct_value_frequencies': False, 'include_field_histogram': False, 'include_field_sample_values': True, 'field_sample_values_limit': 20, 'max_number_of_fields_to_profile': None, 'profile_if_updated_since_days': None, 'profile_table_size_limit': 5, 'profile_table_row_limit': 5000000, 'profile_table_row_count_estimate_only': False, 'max_workers': 20, 'query_combiner_enabled': True, 'catch_exceptions': True, 'partition_profiling_enabled': True, 'partition_datetime': None}
profiling.catch_exceptions [❓ (required if profiling is set)]booleanTrue
profiling.enabled [❓ (required if profiling is set)]booleanWhether profiling should be done.None
profiling.field_sample_values_limit [❓ (required if profiling is set)]integerUpper limit for number of sample values to collect for all columns.20
profiling.include_field_distinct_count [❓ (required if profiling is set)]booleanWhether to profile for the number of distinct values for each column.True
profiling.include_field_distinct_value_frequencies [❓ (required if profiling is set)]booleanWhether to profile for distinct value frequencies.None
profiling.include_field_histogram [❓ (required if profiling is set)]booleanWhether to profile for the histogram for numeric fields.None
profiling.include_field_max_value [❓ (required if profiling is set)]booleanWhether to profile for the max value of numeric columns.True
profiling.include_field_mean_value [❓ (required if profiling is set)]booleanWhether to profile for the mean value of numeric columns.True
profiling.include_field_median_value [❓ (required if profiling is set)]booleanWhether to profile for the median value of numeric columns.True
profiling.include_field_min_value [❓ (required if profiling is set)]booleanWhether to profile for the min value of numeric columns.True
profiling.include_field_null_count [❓ (required if profiling is set)]booleanWhether to profile for the number of nulls for each column.True
profiling.include_field_quantiles [❓ (required if profiling is set)]booleanWhether to profile for the quantiles of numeric columns.None
profiling.include_field_sample_values [❓ (required if profiling is set)]booleanWhether to profile for the sample values for all columns.True
profiling.include_field_stddev_value [❓ (required if profiling is set)]booleanWhether to profile for the standard deviation of numeric columns.True
profiling.limit [❓ (required if profiling is set)]integerMax number of documents to profile. By default, profiles all documents.None
profiling.max_number_of_fields_to_profile [❓ (required if profiling is set)]integerA positive integer that specifies the maximum number of columns to profile for any table. None implies all columns. The cost of profiling goes up significantly as the number of columns to profile goes up.None
profiling.max_workers [❓ (required if profiling is set)]integerNumber of worker threads to use for profiling. Set to 1 to disable.20
profiling.offset [❓ (required if profiling is set)]integerOffset in documents to profile. By default, uses no offset.None
profiling.partition_datetime [❓ (required if profiling is set)]string(date-time)For partitioned datasets profile only the partition which matches the datetime or profile the latest one if not set. Only Bigquery supports this.None
profiling.partition_profiling_enabled [❓ (required if profiling is set)]booleanTrue
profiling.profile_if_updated_since_days [❓ (required if profiling is set)]numberProfile table only if it has been updated since these many number of days. If set to null, no constraint of last modified time for tables to profile. Supported only in snowflake and BigQuery.None
profiling.profile_table_level_only [❓ (required if profiling is set)]booleanWhether to perform profiling at table-level only, or include column-level profiling as well.None
profiling.profile_table_row_count_estimate_only [❓ (required if profiling is set)]booleanUse an approximate query for row count. This will be much faster but slightly less accurate. Only supported for Postgres.None
profiling.profile_table_row_limit [❓ (required if profiling is set)]integerProfile tables only if their row count is less then specified count. If set to null, no limit on the row count of tables to profile. Supported only in snowflake and BigQuery5000000
profiling.profile_table_size_limit [❓ (required if profiling is set)]integerProfile tables only if their size is less then specified GBs. If set to null, no limit on the size of tables to profile. Supported only in snowflake and BigQuery5
profiling.query_combiner_enabled [❓ (required if profiling is set)]booleanThis feature is still experimental and can be disabled if it causes issues. Reduces the total number of queries issued and speeds up profiling by dynamically combining SQL queries where possible.True
profiling.report_dropped_profiles [❓ (required if profiling is set)]booleanWhether to report datasets or dataset columns which were not profiled. Set to True for debugging purposes.None
profiling.turn_off_expensive_profiling_metrics [❓ (required if profiling is set)]booleanWhether to turn off expensive profiling or not. This turns off profiling for quantiles, distinct_value_frequencies, histogram & sample_values. This also limits maximum number of fields being profiled to 10.None
stateful_ingestion [✅]StatefulStaleMetadataRemovalConfigBase specialized config for Stateful Ingestion with stale metadata removal capability.None
stateful_ingestion.enabled [❓ (required if stateful_ingestion is set)]booleanThe type of the ingestion state provider registered with datahub.None
stateful_ingestion.ignore_new_state [❓ (required if stateful_ingestion is set)]booleanIf set to True, ignores the current checkpoint state.None
stateful_ingestion.ignore_old_state [❓ (required if stateful_ingestion is set)]booleanIf set to True, ignores the previous checkpoint state.None
stateful_ingestion.remove_stale_metadata [❓ (required if stateful_ingestion is set)]booleanSoft-deletes the entities present in the last successful run but missing in the current run with stateful_ingestion enabled.True

Code Coordinates

  • Class Name: datahub.ingestion.source.snowflake.snowflake_v2.SnowflakeV2Source
  • Browse on GitHub

Questions

If you've got any questions on configuring ingestion for Snowflake, feel free to ping us on our Slack