> For the complete documentation index, see [llms.txt](https://ask.birdie.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ask.birdie.ai/~/revisions/5vNgx1SBLaM9wSz456q7/integrations-and-data-ingestion/how-to-integrate-with/snowflake.md). # Snowflake ## Overview Birdie using read-only access: * Integration via **Reader Account** (Snowflake Data Sharing) – recommended for shared-data environments * Integration via **Direct OAuth Connection** – recommended when Birdie connects directly to your main Snowflake account Birdie can import data from Snowflake into Birdie for analytics, enrichment and reporting purposes, including: * Customers and accounts * Operational and reference tables * Feedback-related datasets exposed by the client Because each Snowflake installation is unique, Birdie’s team will work **with your IT administrators to finalize details**. This article explains how your Snowflake admin **can generate and provide the credentials needed to enable the integration**. Birdie connects to a Snowflake Reader Account created via Snowflake Data Sharing. Birdie runs SELECT queries against databases instantiated from shared objects in that reader account.This model is common when: * Your organization already uses provider to consumer data sharing * You want strict isolation between your production Snowflake account and external consumers such as Birdie ## Schema requirements All Birdie database connectors (Snowflake, Databricks, BigQuery, etc.) require one table or view per feedback type, following the Birdie schema definition.\ \ Examples of feedback types: * nps * csat * review * social\_media\_post * support\_ticket Each feedback type must exist as: * A table, or * A view Birdie provides the detailed schema reference separately (same model as the S3 schema documentation). ## Reader Account method ### Overview Birdie connects to a Snowflake Reader Account created via Snowflake Data Sharing. Birdie runs SELECT queries against databases instantiated from shared objects in that reader account.This model is common when: * Your organization already uses provider to consumer data sharing * You want strict isolation between your production Snowflake account and external consumers such as Birdie ### Requirements Before starting: * Your account supports provider [data sharing](https://docs.snowflake.com/en/user-guide/data-share-intro) * You have ACCOUNTADMIN (or equivalent) access on the reader account * The provider account already exposes the necessary shares with the data Birdie will use ### Setup in Snowflake {% stepper %} {% step %} ### Log into the Reader Account Use SnowSQL, the Snowflake Web UI, or another supported client: {% code title="Set a role" %} ```sql USE ROLE ACCOUNTADMIN; ``` {% endcode %} {% endstep %} {% step %} ### (Optional) Create a dedicated role for Birdie {% code title="Create a dedicated role" %} ```sql CREATE ROLE BIRDIE_READ; ``` {% endcode %} {% endstep %} {% step %} ### Create the Birdie user inside the reader account {% code title="Create user" %} ```sql CREATE USER BIRDIE_USER PASSWORD = '' DEFAULT_ROLE = BIRDIE_READ MUST_CHANGE_PASSWORD = FALSE; ``` {% endcode %} {% code title="Grant user" %} ```sql GRANT ROLE BIRDIE_READ TO USER BIRDIE_USER; ``` {% endcode %} {% endstep %} {% step %} ### (Optional) Create a resource monitor {% code title="Create user" %} ```sql CREATE USER BIRDIE_USER PASSWORD = '' DEFAULT_ROLE = BIRDIE_READ MUST_CHANGE_PASSWORD = FALSE; ``` {% endcode %} {% endstep %} {% step %} ### Create a virtual warehouse in the reader account {% code title="Create warehouse" %} ```sql CREATE WAREHOUSE BIRDIE_WH WAREHOUSE_SIZE = SMALL AUTO_SUSPEND = 60 AUTO_RESUME = TRUE; ``` {% endcode %} {% endstep %} {% step %} ### Instantiate databases from provider shares {% code title="Create shares" %} ```sql CREATE DATABASE SHARED_DB_1 FROM SHARE .; CREATE DATABASE SHARED_DB_2 FROM SHARE .; ``` {% endcode %} {% endstep %} {% step %} ### Grant privileges to the Birdie role Warehouse usage: {% code title="Grant role" %} ```sql GRANT USAGE ON WAREHOUSE BIRDIE_WH TO ROLE BIRDIE_READ; ``` {% endcode %} Imported privileges on shared databases {% code title="Grant role" %} ```sql GRANT IMPORTED PRIVILEGES ON DATABASE SHARED_DB_1 TO ROLE BIRDIE_READ; GRANT IMPORTED PRIVILEGES ON DATABASE SHARED_DB_2 TO ROLE BIRDIE_READ; ``` {% endcode %} {% endstep %} {% step %} ### Share Reader Account credentials securely with Birdie Provide to Birdie: * Reader account identifier (host) * Username: BIRDIE\_USER * Role: BIRDIE\_READ * Warehouse: BIRDIE\_WH * Database and schema names that contain the shared data * Password or password rotation mechanism Birdie will configure the Snowflake connector using these details and run validation queries from the reader account. {% endstep %} {% endstepper %} ## Integration via Direct OAuth Connection ### Overview In this model, Birdie connects directly to your main Snowflake account using OAuth instead of static passwords.\ \ This is recommended when: * You prefer SSO or OAuth-based access * You do not use Snowflake Data Sharing * You want Birdie to access native production schemas directly ### Requirements * ACCOUNTADMIN (or equivalent) privileges in the main Snowflake account * Access to the Snowflake web console or CLI * The Snowflake connector has been enabled on the Birdie side ### Setup in Snowflake {% stepper %} {% step %} ### Create the OAuth Security Integration {% code title="Create an integration" %} ```sql CREATE SECURITY INTEGRATION BIRDIE_OAUTH_INTEGRATION TYPE = OAUTH ENABLED = TRUE OAUTH_CLIENT = CUSTOM OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = 'https://api.birdie.ai/oauth/callback' OAUTH_ISSUE_REFRESH_TOKENS = TRUE OAUTH_REFRESH_TOKEN_VALIDITY = 7776000; ``` {% endcode %} {% code title="Verify" %} ```sql DESC SECURITY INTEGRATION BIRDIE_OAUTH_INTEGRATION; ``` {% endcode %} {% endstep %} {% step %} ### Create a role and user for Birdie {% code title="Create role" %} ```sql CREATE ROLE BIRDIE_READ; ``` {% endcode %} {% code title="Grant role" %} ```sql GRANT USAGE ON WAREHOUSE TO ROLE BIRDIE_READ; GRANT USAGE ON DATABASE TO ROLE BIRDIE_READ; GRANT USAGE ON SCHEMA TO ROLE BIRDIE_READ; GRANT SELECT ON ALL TABLES IN SCHEMA TO ROLE BIRDIE_READ; ``` {% endcode %} {% code title="Create user" %} ```sql CREATE USER BIRDIE_INTEGRATION_USER PASSWORD = '' DEFAULT_ROLE = BIRDIE_READ MUST_CHANGE_PASSWORD = FALSE; ``` {% endcode %} {% code title="Grant role" %} ```sql GRANT ROLE BIRDIE_READ TO USER BIRDIE_INTEGRATION_USER; ``` {% endcode %} {% endstep %} {% step %} ### Generate and test an OAuth token {% code title="Example using SnowSQL" %} ```shellscript snowsql -a -u BIRDIE_INTEGRATION_USER -o authenticator=oauth -o oauthAccessToken="" -r BIRDIE_READ -w -d -s ``` {% endcode %} {% endstep %} {% step %} ### Share OAuth credentials securely with Birdie Provide: * Account identifier * Username (BIRDIE\_INTEGRATION\_USER) * Role (BIRDIE\_READ) * Warehouse, database and schema to use * OAuth client details if needed * How the access and refresh tokens will be generated and rotated Birdie will configure the connector and confirm once the integration is active. {% endstep %} {% endstepper %} ## Security notes * Birdie never requires admin privileges for day-to-day operations * Access granted to Birdie is read-only, unless a specific export pipeline is explicitly configured * All credentials must be shared via a secure channel * OAuth is preferred over static passwords whenever possible ## Data in scope Once enabled, the Snowflake connector can import data from Snowflake into Birdie (for example, customer, account, or operational tables you expose to the Birdie role) and export Birdie data such as feedback records, areas, opportunities, and metrics back into Snowflake. ## References * ​[Snowflake Data Sharing](https://docs.snowflake.com/en/user-guide/data-share-intro) * ​[Snowflake Security and Roles](https://docs.snowflake.com/en/user-guide/security-access-control-overview) * ​[Snowflake OAuth](https://docs.snowflake.com/en/user-guide/oauth-intro) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://ask.birdie.ai/~/revisions/5vNgx1SBLaM9wSz456q7/integrations-and-data-ingestion/how-to-integrate-with/snowflake.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.