Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ryft.io/llms.txt

Use this file to discover all available pages before exploring further.

Creating the User and Role

Please use the SQL snippet below to create a user for Ryft. Before using the snippet, you will need to populate the following parameters:
  • ryft_username
  • ryft_warehouse_size
  • ryft_warehouse_name
  • ryft_role_name
Run the following commands as an account admin: 
set ryft_username='RYFT';
set ryft_warehouse_size='XSMALL';
set ryft_warehouse_name='RYFT_WH';
set ryft_role_name='RYFT_ROLE';

USE ROLE ACCOUNTADMIN;

CREATE WAREHOUSE IF NOT EXISTS identifier($ryft_warehouse_name) WAREHOUSE_SIZE=$ryft_warehouse_size INITIALLY_SUSPENDED=TRUE
    AUTO_SUSPEND = 1 AUTO_RESUME = TRUE;

-- Create Ryft role
CREATE ROLE IF NOT EXISTS identifier($ryft_role_name);

-- Create Ryft user
CREATE USER IF NOT EXISTS identifier($ryft_username) DEFAULT_ROLE=$ryft_role_name TYPE=SERVICE;
GRANT ROLE identifier($ryft_role_name) TO USER identifier($ryft_username);

-- Grant permissions to the WH
GRANT USAGE ON WAREHOUSE identifier($ryft_warehouse_name) TO ROLE identifier($ryft_role_name);

-- Grant privileges to allow access to query history and metadata
GRANT IMPORTED PRIVILEGES ON DATABASE "SNOWFLAKE" TO ROLE identifier($ryft_role_name);
GRANT MONITOR ON ACCOUNT TO ROLE identifier($ryft_role_name);

-- Grant privileges to to audit the current access state
GRANT DATABASE ROLE SNOWFLAKE.SECURITY_VIEWER TO ROLE identifier($ryft_role_name);

Creating a key-pair for the service user

Follow Snowflake’s key-pair authentication guide to create a private and public key for the service user you just created.
  • The private key will be needed during the onboarding.
  • Ryft supports using an encrypted or unencrypted private key.
Use this SQL command to assign the public key to the service user in Snowflake: 
ALTER USER identifier($ryft_username) SET RSA_PUBLIC_KEY='<pub key>';

Providing user credentials during onboarding:

  • User: The name of the user created, RYFT by default
  • Private key and optional Private key passphrase for the encrypted private key
  • Account: This would be the part that precedes snowflakecomputing.com in your Snowflake console URL. For example, if you use the URL https://xyz12345.us-east-1.snowflakecomputing.com/ to access Snowflake, your account name will be xyz12345.us-east-1
  • Organization - your snowflake organization ID
  • Warehouse: Please provide the name of the warehouse you chose (default: RYFT_WH).
  • Role - Please provide the name of the role you chose (default: RYFT_ROLE)

IP Access Lists

If you are restricting network access to specific IP addresses, please allow the following IP addresses: 
18.211.150.201
52.45.62.176
35.174.30.119