Snowflake

User

Every Base user has 1 snowflake username: ICA_U_<id>

User/Project-Bundle

For each user/project-bundle combination a role is created: ICA_UR_<id>_<name project/bundle>__<id>

This role receives the viewer or contributor role of the project/bundle, depending on their permissions in ICA.

Roles

Every project or bundle has a dedicated Snowflake database.

For each database, 2 roles are created:

• <project/bundle name>_<id>_VIEWER

• <project/bundle name>_<id>_CONTRIBUTOR

Project viewer role

This role receives

• REFERENCE and SELECT rights on the tables/views within the project's PUBLIC schema.

• Grants on the viewer roles of the bundles linked to the project.

Project contributor role

This role receives the following rights on current an future objects in the project's/bundle database in the PUBLIC schema:

• ownership

• select, insert, update, delete, truncate and references on tables/views/materialized views

• usage on sequences/functions/procedures/file formats

• write, read and usage on stages

• select on streams

• monitor and operate on tasks

It also receives grant on the viewer role of the project.

Warehouses

For each project (not bundle!) 2 warehouses are created, whose size can be changed ICA at projects > your_project > project settings > details.

• <projectname>_<id>_QUERY

• <projectname>_<id>_LOAD