Snowflake hero Openlayer integrates with Snowflake so you can run data quality tests directly on your Snowflake tables. The integration uses a dedicated service user and role, ensuring secure, auditable access without sharing passwords.

Prerequisites

To follow this guide, you need:
  • A Snowflake account with access to the target tables
  • Permissions to create users and roles in your Snowflake account
  • A warehouse provisioned for running queries
  • An Openlayer project with monitoring mode enabled

Setup Guide

Step 1: Create a dedicated user and role

In Snowflake, create a role and user for Openlayer. This role will be used to run queries securely. Run the following in a SQL worksheet, replacing placeholders: 
-- Variables (replace with your values)
set role_name = 'OPENLAYER_FILE_IMPORTER_ROLE';
set user_name = 'OPENLAYER_FILE_IMPORTER';
set warehouse_name = '[WAREHOUSE_NAME]';

-- Use Security Admin role for creating users/roles
use role securityadmin;

-- Create role for Openlayer
create role if not exists identifier($role_name);

-- Create a dedicated service user
create user if not exists identifier($user_name);
alter user identifier($user_name) set default_role = $role_name;
alter user identifier($user_name) set default_warehouse = $warehouse_name;
alter user identifier($user_name) set type = 'SERVICE';

-- Assign the role to the user
grant role identifier($role_name) to user identifier($user_name);

-- Associate a public key with the user for key-based authentication
ALTER USER identifier($user_name) SET RSA_PUBLIC_KEY='YOUR_PUBLIC_KEY';
Keep the private key secure — you will need to provide it when connecting Openlayer.

Step 2: Grant role permissions

The Openlayer role must have USAGE on the warehouse, database, and schema, and SELECT on the target tables. 
-- Replace with your actual database/schema/table
grant USAGE on warehouse [WAREHOUSE_NAME] to role OPENLAYER_FILE_IMPORTER_ROLE;
grant USAGE on database [DATABASE_NAME] to role OPENLAYER_FILE_IMPORTER_ROLE;
grant USAGE on schema [DATABASE_NAME].[SCHEMA_NAME] to role OPENLAYER_FILE_IMPORTER_ROLE;
grant SELECT on table [DATABASE_NAME].[SCHEMA_NAME].[TABLE_NAME] to role OPENLAYER_FILE_IMPORTER_ROLE;
Repeat the last grants for every schema/table you want Openlayer to monitor.

Step 3: Connect inside Openlayer

In your Openlayer workspace:
  1. Go to Data sources and select Snowflake.
  2. Click Connect.
  3. Fill in the fields:
  • Snowflake user: the Snowflake username
  • Snowflake role: the role with permissions
  • Snowflake account: your account identifier (e.g. xy12345.us-east-1)
  • Snowflake warehouse: the warehouse to run queries
  • Snowflake private key: the private key corresponding to the public key set on the Snowflake user
  • Name: a descriptive label for this connection
Configure Snowflake connection

Step 4: Configure your table

After the connection is created, select the table to monitor:
  • Database: name of the database
  • Schema: schema containing the table
  • Table: table name
  • Timestamp column: column used to order/filter data for monitoring windows
  • Unique id column: column used to identify unique rows for monitoring windows (recommended)
  • Data source name: a descriptive name in Openlayer

Optional: ML-specific settings

If the table contains ML outputs, you can provide additional context:
  • Class names
  • Feature names
  • Categorical feature names
This enables Openlayer to run ML-aware tests such as performance monitoring and drift detection.

Troubleshooting

  • Permission errors → verify your role has USAGE on the database/schema/warehouse and SELECT on the table.
  • Key errors → check that your public key is registered to the Snowflake user and that you are providing the correct private key.
  • Empty results → confirm the timestamp column is populated and the right table is selected.