Warehouse Native
connecting-your-warehouse
Snowflake Connection

Overview

To set up Warehouse Native connection with Snowflake, Statsig needs the following

  • Account Name
  • Database Name
  • Schema Name
  • Service User Name
  • Service User Password

The service user needs the following permissions:

  • READ on any tables you are using for experimentation
  • USAGE/WRITE on a Statsig-specific Schema we'll use to materialize temp tables and results

Account Name

For the Account Name field, please enter in the format of <id>.<region>.<provider>. So, your information may look something like this:

xy12345.us-central1.gcp

To get this information navigate to bottom left in your Snowflake console, as shown in the picture below and copy the link URL:

Frame 6

The copied URL will look something like this:

https://xy12345.us-central1.gcp.snowflakecomputing.com

You can extract information from here to get the required fields for Account Name, which for this example would be xy12345.us-central1.gcp.

:::info Using <orgname>-<account_name> for Account Name

For the Account Name field, you can also enter your Snowflake account identifier (opens in a new tab), which typically takes the form <orgname>-<account_name>. To find the <orgname> in the Snowflake console, click on your account profile (usually at the bottom left) to view account details as shown below.

image :::

Database and Schema Name

Provide the Schema and corresponding Database where Statsig will be able to materialize results

Frame 7

Boilerplate Setup SQL

To create a Statsig user with the sufficient privileges, as well as a Statsig staging Schema, run the following code in your Snowflake worksheet that has sysadmin and securityadmin roles.

Replace <USER> and <PASSWORD> with your value, which you will copy over into our console.

Depending on the scope of your data, you may want to adjust the size of the warehouse created.

BEGIN;
  -- set up variable values to be used in statements later
  -- make sure to configure user_name and user_password with your own values
  SET user_name = '<USERNAME>'; -- REPLACE WITH YOUR OWN VALUE
  SET user_password = '<PASSWORD>'; -- REPLACE WITH YOUR OWN VALUE
  SET role_name = 'STATSIG_ROLE';
 
  -- change role to sysadmin for warehouse / database steps
  USE ROLE sysadmin;
 
  -- create a warehouse, database, schema and tables for Statsig
  CREATE OR REPLACE WAREHOUSE STATSIG WITH warehouse_size='XLARGE'; -- adjust based on your data size
  CREATE DATABASE IF NOT EXISTS STATSIG_STAGING;
  CREATE SCHEMA IF NOT EXISTS STATSIG_STAGING.STATSIG_TABLES;
 
  -- change current role to securityadmin to create role and user for Statsig's access
  USE ROLE securityadmin;
 
  -- create role for Statsig
  CREATE ROLE IF NOT EXISTS identifier($role_name);
  GRANT ROLE identifier($role_name) TO ROLE SYSADMIN;
 
  -- create a user for Statsig
  CREATE USER IF NOT EXISTS identifier($user_name)
  password = $user_password
  default_role = $role_name
  default_namespace = STATSIG_STAGING.STATSIG_TABLES
  default_warehouse = STATSIG;
  GRANT ROLE identifier($role_name) TO USER identifier($user_name);
 
  -- grant Statsig role access to create warehouse and schema
  GRANT USAGE ON WAREHOUSE STATSIG TO ROLE identifier($role_name);
  GRANT USAGE ON SCHEMA STATSIG_STAGING.STATSIG_TABLES TO ROLE identifier($role_name);
  GRANT CREATE SCHEMA, MONITOR, USAGE ON DATABASE STATSIG_STAGING TO ROLE identifier($role_name);
 
  -- ONLY GIVE THIS LEVEL OF ACCESS in the staging schema.
  GRANT CREATE TABLE ON SCHEMA STATSIG_STAGING.STATSIG_TABLES TO ROLE identifier($role_name);
  GRANT SELECT, UPDATE, INSERT, DELETE ON ALL TABLES IN SCHEMA STATSIG_STAGING.STATSIG_TABLES TO ROLE identifier($role_name);
  GRANT SELECT, UPDATE, INSERT, DELETE ON FUTURE TABLES IN SCHEMA STATSIG_STAGING.STATSIG_TABLES TO ROLE identifier($role_name);
  GRANT OWNERSHIP ON FUTURE TABLES IN SCHEMA STATSIG_STAGING.STATSIG_TABLES TO ROLE identifier($role_name);
 
  -- grant Statsig role read access to database and schema passed in
  -- do this at a table level, database level, and/or schema level
  -- for data Statsig needs to access
  GRANT USAGE ON DATABASE <DATABASE> TO ROLE identifier($role_name);
  GRANT USAGE ON SCHEMA <DATABASE>.<SCHEMA> TO ROLE identifier($role_name);
  GRANT SELECT ON ALL TABLES IN DATABASE <DATABASE> TO ROLE identifier($role_name);
  GRANT SELECT ON FUTURE TABLES IN DATABASE <DATABASE> TO ROLE identifier($role_name);
  GRANT SELECT ON ALL VIEWS IN DATABASE <DATABASE> TO ROLE identifier($role_name);
  GRANT SELECT ON FUTURE VIEWS IN DATABASE <DATABASE> TO ROLE identifier($role_name);
 
COMMIT;

What IP addresses will Statsig access data warehouses from?

See FAQ (opens in a new tab)

Scheduled ReloadsAutotune (Beta)