
# Snowflake role privileges

export const maia = "Maia";

Snowflake access control works by granting roles sets of privileges on specific objects (databases, schemas, tables, and so on).

For example, `CREATE` is a privilege that can be set on objects such as tables or schemas and given to a custom or existing role. That role, when used by {maia}, can then create tables. The `ALL` privilege gives a role every relevant available privilege on an object.

To connect your Snowflake account to {maia}, the Snowflake [role](https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#roles) must have certain [privileges](https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#label-access-control-overview-privileges) enabled. Some examples are listed below.

We recommend using a [custom Snowflake role](https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#label-access-control-overview-privileges) created specifically for {maia}, rather than a role such as `PUBLIC`.

Read [GRANT \<privileges> … TO ROLE](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html) to learn how to grant privileges to a role.

***

## Required roles

Below is a table of role privileges required for optimal use of {maia}. Omitting privileges may come at the cost of features within {maia}.

| Privilege | Object         | Description                                                    |
| --------- | -------------- | -------------------------------------------------------------- |
| ALL       | Table          | Grants all privileges, except OWNERSHIP, on a table.           |
| ALL       | External Table | Grants all privileges, except OWNERSHIP, on an external table. |
| ALL       | View           | Grants all privileges, except OWNERSHIP, on a view.            |
| ALL       | Schema         | Grants all privileges, except OWNERSHIP, on a schema.          |
| ALL       | Stage          | Creation and general use of Snowflake stages.                  |

The following sections offer some examples of how to grant these privileges.

### Warehouse

Grant [Usage](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html#virtual-warehouse-privileges) on warehouse:

```sql
GRANT USAGE ON WAREHOUSE <warehouse-name> TO ROLE <role-name>;
```

Grant [Operate](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html#virtual-warehouse-privileges) on warehouse:

```sql
GRANT OPERATE ON WAREHOUSE <warehouse-name> TO ROLE <role-name>;
```

### Database

Grant [Usage](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html#database-privileges) on database:

```sql
GRANT USAGE ON DATABASE <database-name> TO ROLE <role-name>;
```

### Schema

Grant [All](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html#schema-privileges) on schema:

```sql
GRANT ALL ON SCHEMA <schema-name> TO ROLE <role-name>;
```

### Table

Grant [Delete](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html#table-privileges) on tables in schema:

```sql
GRANT DELETE ON ALL TABLES IN SCHEMA <schema-name> TO ROLE <role-name>;
```
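
The grants above, combined into one script for a dedicated custom role scoped to a single schema. This is an added example, not part of the original {maia} documentation. The names `MAIA_ROLE`, `MAIA_WH`, `ANALYTICS_DB`, `MAIA_SCHEMA`, and `MAIA_SVC` are constructed placeholders, and the script assumes the warehouse, database, schema, and user already exist.

```sql
-- Placeholder names (constructed for this example): MAIA_ROLE, MAIA_WH,
-- ANALYTICS_DB, MAIA_SCHEMA, MAIA_SVC. Replace them with your own objects.
USE ROLE SECURITYADMIN;  -- holds MANAGE GRANTS, so it can grant on objects it does not own

CREATE ROLE IF NOT EXISTS MAIA_ROLE
  COMMENT = 'Dedicated role for the Maia connection (instead of PUBLIC)';

-- Warehouse: USAGE to run queries, OPERATE to resume and suspend it.
GRANT USAGE, OPERATE ON WAREHOUSE MAIA_WH TO ROLE MAIA_ROLE;

-- Database: USAGE only, so the role can reach the schema but nothing else.
GRANT USAGE ON DATABASE ANALYTICS_DB TO ROLE MAIA_ROLE;

-- Schema: ALL (everything except OWNERSHIP) on the schema object itself.
-- This does not cascade to the objects inside the schema.
GRANT ALL ON SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;

-- Objects that already exist in the schema (the "Required roles" table rows).
GRANT ALL ON ALL TABLES          IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;
GRANT ALL ON ALL EXTERNAL TABLES IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;
GRANT ALL ON ALL VIEWS           IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;
GRANT ALL ON ALL STAGES          IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;

-- Objects that other roles create in the schema later.
GRANT ALL ON FUTURE TABLES          IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;
GRANT ALL ON FUTURE EXTERNAL TABLES IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;
GRANT ALL ON FUTURE VIEWS           IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;
GRANT ALL ON FUTURE STAGES          IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA TO ROLE MAIA_ROLE;

-- Attach the role to the service account user that the connection logs in as.
GRANT ROLE MAIA_ROLE TO USER MAIA_SVC;

-- Review the result: the role should hold nothing outside the objects above,
-- and the user should hold no broader role than MAIA_ROLE.
SHOW GRANTS TO ROLE MAIA_ROLE;
SHOW FUTURE GRANTS IN SCHEMA ANALYTICS_DB.MAIA_SCHEMA;
SHOW GRANTS TO USER MAIA_SVC;
```

Repeat the schema-level block for each schema the connection needs rather than granting at the database or account level.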

***

## Authentication methods

{maia} currently supports the username/password and key-pair authentication methods for Snowflake.

If using key-pair authentication, read [Using Snowflake key-pair authentication](/docs/administration/snowflake-key-pair-authentication) to learn how to configure the necessary secrets for this method.

Multi-Factor Authentication connections aren't supported. We advise that customers set up a **Snowflake Service Account User** for use with {maia} projects.
