Get startedGet started for free

Creating new roles, users, and warehouses

1. Creating new roles, users, and warehouses

Let's discuss how to create new roles, users, and warehouses.

2. Snowflake Roles Explained

Enforcing "least-privilege access" is an important task for data engineers. For example, a custom role accessing sensitive employee data should be created for the analysts who need it to perform their job duties. ACCOUNTADMIN has complete access to the Snowflake Account. This role allows a user to manage account-level tasks such as billing and payment methods. Typically, a database administrator should assume this role. SECURITYADMIN can manage access to all objects, such as databases, tables, warehouses, roles, and users. USERADMIN, the child of SECURITYADMIN can manage access to the roles and users it owns. SYSADMIN can manage any objects it creates. Typically, data engineers will assume SYSADMIN, SECURITYADMIN, and USERADMIN roles while analysts will assume the SYSADMIN role. Every user is granted the PUBLIC role. This role can access and manage objects only if an ADMIN role above it chooses to do so. Whatever the PUBLIC role creates will be accessible to all other roles.

3. Creating a new role

We'll create a new custom role for our analysts. To do this, navigate to Admin and then Users & Roles. Under the Roles tab, click on Add Role. We'll give it a name and grant the role SYSADMIN privileges and provide a description mentioning it's for HR analysts. After the role is created it will appear instantly.

4. Creating a new user

Next we'll add a new user and add their information and then choose CUSTOM_ADMIN_HR as the default role. After the user is created, they'll be able to manage any objects owned by the CUSTOM_ADMIN_HR role.

5. Why create a new virtual warehouse?

Let's discuss when creating a new warehouse makes sense. It's common to have separate warehouses for engineers and analysts. Engineers might require a larger warehouse to process and load big data, while analysts might use a smaller warehouse for adhoc queries and analysis. Queries can also be slow if the warehouse size is too small. The number of compute resources depends on the warehouse size. For example, an X-Small Warehouse will have one node to compute queries, a Small Warehouse will have two nodes, and so on, as you can see on the chart.

6. Creating a new virtual warehouse

To create a new warehouse, go to the Admin tab and then Warehouses. Click on the add Warehouse button, enter a new name, and click Create Warehouse. It'll take a few seconds for the warehouse to get created. After it's created, we want to grant the SYSADMIN role usage access to the new warehouse. Click on Warehouses and choose the newly created warehouse. Add Privilege and choose the roles "SYSADMIN" and "USAGE" privilege, then click Grant Privileges. Users with the "SYSADMIN" role can now use the new warehouse to run queries.

7. Let's practice!

Now let's review what we just learned!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.