Skip to main content
Who is this guide for? This guide is for administrators and data engineers setting up Snowflake. You’ll need admin access to your Snowflake account (ACCOUNTADMIN or SECURITYADMIN role).

What You’ll Need

Before you begin, ensure you have:
  • Admin access to your Snowflake account (ACCOUNTADMIN or SECURITYADMIN role)
  • Permissions to create users, roles, and grant warehouse access
  • Knowledge of which databases and schemas contain your customer usage data

Configuration Requirements

Quivly requires the following information to connect:
ConfigurationDescription
Account IdentifierYour Snowflake account identifier (e.g., xy12345.us-east-1)
UsernameThe dedicated Quivly service user
Password or Key PairAuthentication credentials
WarehouseThe compute warehouse for queries
DatabaseThe database containing usage data
SchemaOptional — specific schema (or all if not specified)

Setup Instructions

1

Create a Dedicated Role for Quivly

Run the following SQL in your Snowflake worksheet:
-- Create a dedicated role for Quivly
CREATE ROLE IF NOT EXISTS QUIVLY_READER_ROLE;

-- Grant usage on the warehouse Quivly will use
GRANT USAGE ON WAREHOUSE <your_warehouse> TO ROLE QUIVLY_READER_ROLE;
2

Grant Database and Schema Access

Grant read-only access to the databases and schemas containing your customer data:
-- Grant access to a specific database
GRANT USAGE ON DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;

-- Grant access to schemas within the database
GRANT USAGE ON ALL SCHEMAS IN DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;

-- Grant SELECT on tables and views
GRANT SELECT ON ALL TABLES IN DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;
GRANT SELECT ON FUTURE TABLES IN DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;
GRANT SELECT ON ALL VIEWS IN DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;
GRANT SELECT ON FUTURE VIEWS IN DATABASE <your_database> TO ROLE QUIVLY_READER_ROLE;
For tighter security, scope these grants to specific schemas rather than the entire database.
3

Create a Service User

-- Create a dedicated user for Quivly
CREATE USER IF NOT EXISTS QUIVLY_SERVICE_USER
  PASSWORD = '<strong_password>'
  DEFAULT_ROLE = QUIVLY_READER_ROLE
  DEFAULT_WAREHOUSE = <your_warehouse>
  MUST_CHANGE_PASSWORD = FALSE;

-- Assign the role to the user
GRANT ROLE QUIVLY_READER_ROLE TO USER QUIVLY_SERVICE_USER;
Use a strong, unique password. For enhanced security, consider using key pair authentication (see Advanced section below).
4

Find Your Account Identifier

Your account identifier is in your Snowflake URL:Format: https://<account_identifier>.snowflakecomputing.comExamples:
  • URL: https://xy12345.us-east-1.snowflakecomputing.com → Account: xy12345.us-east-1
  • URL: https://mycompany.snowflakecomputing.com → Account: mycompany
Include the region if present (e.g., xy12345.us-east-1).
5

Connect in Quivly

  1. In Quivly, navigate to Settings → Integrations
  2. Click Add Integration and select Snowflake
  3. Enter your Account Identifier
  4. Enter the username (QUIVLY_SERVICE_USER) and password
  5. Specify the warehouse, database, and optionally schema
  6. Click Connect to complete the setup

Snowflake Structure

Snowflake organizes data in a three-level hierarchy:
  • Database — Top-level container for your data
    • Schema — Logical grouping of tables, views, and objects
      • Table/View — Your actual data with rows and columns
Example: ANALYTICS_DBPRODUCTEVENTS

Advanced: Key Pair Authentication

For enhanced security, use RSA key pair authentication instead of passwords. Generate a key pair: 
# Generate private key
openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

# Generate public key
openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
Assign the public key to your user: 
ALTER USER QUIVLY_SERVICE_USER SET RSA_PUBLIC_KEY='<public_key_content>';
When connecting in Quivly, upload the private key file instead of entering a password.

Troubleshooting

Verify that QUIVLY_READER_ROLE has proper grants:
SHOW GRANTS TO ROLE QUIVLY_READER_ROLE;
Ensure USAGE grants on warehouse, database, and schema, plus SELECT on tables.
Ensure your Snowflake account allows connections from Quivly’s IP addresses. Check Admin → Security → Network Policies if you have IP allowlisting enabled.Contact support for Quivly’s IP addresses.
Confirm tables exist in the granted schemas and that FUTURE grants are in place for newly created tables.
The warehouse may be set to auto-suspend. Either increase the auto-suspend timeout or ensure the warehouse is running when Quivly syncs. Quivly will attempt to resume suspended warehouses automatically if the user has OPERATE privileges:
GRANT OPERATE ON WAREHOUSE <your_warehouse> TO ROLE QUIVLY_READER_ROLE;

Cost Optimization

Snowflake charges for compute (warehouse usage). To manage costs:
  • Use an X-Small warehouse — sufficient for most sync operations
  • Set auto-suspend to 1 minute to minimize idle time
  • Consider a dedicated warehouse for Quivly to track usage separately
CREATE WAREHOUSE IF NOT EXISTS QUIVLY_WH
  WAREHOUSE_SIZE = 'X-SMALL'
  AUTO_SUSPEND = 60
  AUTO_RESUME = TRUE;

GRANT USAGE, OPERATE ON WAREHOUSE QUIVLY_WH TO ROLE QUIVLY_READER_ROLE;

Security Notes

  • Quivly only requests read-only (SELECT) access
  • Credentials are encrypted at rest and in transit
  • Revoke access anytime by dropping the user or revoking the role
  • Key pair authentication eliminates password-based risks
Need help?