Troubleshooting Permission Error when Syncing Snowflake to DataHub

Original Slack Thread

This message was deleted.

Hey there! Make sure your message includes the following information if relevant, so we can help more effectively!

<@U06TM7M40RK> Can you help with the questions in this thread?

_Please continue to tag RunLLM (e.g <@U06TM7M40RK>) to have it continue generating responses!

To address the permission error you’re encountering when trying to sync data from Snowflake to DataHub, there are a few steps and checks you can perform:

1. Ensure Proper Role and Privileges:

   • Make sure that the datahub_role has the necessary privileges to access the database, schemas, tables, and views. According to the <https://datahubproject.io/docs/0.13.1/quick-ingestion-guides/snowflake/setup|Snowflake Setup Guide>, you need to grant the following privileges:

   create or replace role datahub_role;
   grant operate, usage on warehouse "<your-warehouse>" to role datahub_role;
   create user datahub_user display_name = 'DataHub' password='<your-password>' default_role = datahub_role default_warehouse = '<your-warehouse>';
   grant role datahub_role to user datahub_user;
   
   set db_var = '"<your-database>"';
   grant usage on DATABASE identifier($db_var) to role datahub_role;
   grant usage on all schemas in database identifier($db_var) to role datahub_role;
   grant usage on future schemas in database identifier($db_var) to role datahub_role;
   grant select on all tables in database identifier($db_var) to role datahub_role;
   grant select on future tables in database identifier($db_var) to role datahub_role;
   grant select on all external tables in database identifier($db_var) to role datahub_role;
   grant select on future external tables in database identifier($db_var) to role datahub_role;
   grant select on all views in database identifier($db_var) to role datahub_role;
   grant select on future views in database identifier($db_var) to role datahub_role;
   grant references on all tables in database identifier($db_var) to role datahub_role;
   grant references on future tables in database identifier($db_var) to role datahub_role;
   grant references on all external tables in database identifier($db_var) to role datahub_role;
   grant references on future external tables in database identifier($db_var) to role datahub_role;
   grant references on all views in database identifier($db_var) to role datahub_role;
   grant references on future views in database identifier($db_var) to role datahub_role;
   grant imported privileges on database snowflake to role datahub_role;
   

2. Check for Specific Privileges:

   • Ensure that the datahub_role has the select and references privileges on all tables and views in the database. This is crucial for DataHub to read metadata and perform data profiling.

3. Verify Database and Schema Access:

   • Confirm that the datahub_role has usage privileges on the database and schemas. Without these, the tables and views inside them will not be accessible.

4. Check for Imported Privileges:

   • If you are using imported databases, make sure to grant IMPORTED PRIVILEGES on those databases to the datahub_role.

5. Review Error Logs:

   • Check the error logs for more specific details about the permission error. This can provide insights into which specific privilege might be missing.

Would you like more detailed steps or further assistance with any of these points?

Sources:

• <https://datahubproject.io/docs/0.13.1/quick-ingestion-guides/snowflake/setup|Snowflake Setup Guide>
• <Snowflake | DataHub Prerequisites> 0 button 0 button Hint: Mention @runllm in the thread for followups.