Fivetran
Fivetran might be tricky to integrate with SnowDDL since Fivetran wants to create and manage its own schemas.
How to configure Fivetran with SnowDDL?
1) Manually create WRITE role
While going through Snowflake Setup Guide, use word WRITE
in the name of the role created for Fivetran technical user.
For example: FIVETRAN_WRITE_ROLE
.
2) Manually create READ role
Manually create an additional READ
role to provide read-only access to tables created by Fivetran.
For example: FIVETRAN_READ_ROLE
.
3) Grant READ role to business roles in SnowDDL config
Grant READ
role for Fivetran data to specific business roles using global_roles
property.
How does it work with env prefix?
This approach is compatible with env prefix.
You will have one Fivetran database shared by any number of prefixed "environments" created by SnowDDDL.
You may create views referencing existing tables in Fivetran database, but you should NOT use ${{ env_prefix }}
placeholder.
How does it work with dev account?
This approach can be used when you have separate Snowflake accounts for "development" and "production".
Configure Fivetran for prod account first.
Create OUTBOUND SHARE on prod account.
Grant Fivetran database, schemas and objects to OUTBOUND SHARE.
Add dev account to OUTBOUND SHARE.
Create INBOUND SHARE in dev account with name
FIVETRAN_DATABASE
.Create
FIVETRAN_READ_ROLE
in dev account.Grant
IMPORTED PRIVILEGES
forFIVETRAN_DATABASE
INBOUND SHARE toFIVETRAN_READ_ROLE
in dev account.
With this approach will get an exact copy of data ingested by Fivetran both into prod and dev accounts, but you will have to pay Fivetran only once.
The only real downside is lack of "future grants" to OUTBOUND SHARES. You will have to grant new Fivetran schemas and tables to OUTBOUND SHARE from time to time to make it available in dev account.
What if I need more fine-grained access to Fivetran schemas?
The easiest way to achieve it is to create multiple Snowflake "destinations" in Fivetran, each destination pointing to a separate database. For example: FIVETRAN_REGULAR
and FIVETRAN_FINANCE
. You may reuse write role and warehouse, but you should create separate READ
roles.
Last updated