Before you create a Snowflake on Azure workspace
Configuring the source and destination users
Tonic.ai recommends that you create separate accounts for the source and destination databases, even if the databases are in the same Snowflake account. This allows each account to have the minimum permissions needed in the source and destination databases.
If you use the same account, then you must combine the relevant permissions for the source and destination databases into a single role. Snowflake only allows each account to have a single active primary role.
User permissions on the source database
The below permissions create a role with the necessary permissions to act as the source database user. A user is then created and assigned into that role.
The below permissions give read-only data access to a specific database on all current and future schemas, tables, and sequences.
It also grants the role access to a specified warehouse.
User permissions on the destination database
The destination database must exist before Structural can connect to it. The user that you provide to Tonic Structural for connecting to the destination database should be the owner of the database and of all of the objects in the database.
We suggest that you first create a specific Structural destination database user. Then create the destination database from that user's account. If you create the database with another account such as ACCOUNTADMIN
, then you must transfer ownership of the database and all of its objects to the new account.
As part of a Structural data generation job, this user must be able to:
DROP and then create schemas on the output database
Copy data from Azure Blob Storage into tables in the database
The below permissions create a role with the necessary permissions to act as the destination database user. A user is then created and assigned into that role.
The following permissions gives full access to the destination database. They also grant the role access to a specified warehouse. To accommodate a situation where the database was created by another user such as ACCOUNTADMIN
, this includes the required transfer of ownership to the role.
Additional user configuration
Structural requires that the parameter QUOTED_IDENTIFIERS_IGNORE_CASE = false
at either the account or user level.
To set it at the user level, run:
Setting the access key for the Azure Blob Storage account
Structural uses an Azure storage account to load and unload data to and from Azure Blob Storage. You provide the storage account name in the workspace configuration.
You provide the access key for the storage account as the value of the environment setting TONIC_AZURE_BLOB_STORAGE_ACCOUNT_KEY
. See Configuring environment settings.
You can obtain the access key from the storage account portal under Access keys. Structural uses this key to authorize API calls when it unloads and loads data to and from Azure Blob Storage.
Configuring whether Structural creates the destination database schema
By default, during each data generation job, Structural creates the database schema for the destination database tables, then populates the database tables based on the workspace configuration.
If you prefer to manage the destination database schema yourself, then set the environment setting TONIC_SNOWFLAKE_SKIP_CREATE_DB
to true
. You can add this setting manually to the Environment Settings list on Structural Settings.
The environment setting applies to both Snowflake on AWS and Snowflake on Azure.
When TONIC_SNOWFLAKE_SKIP_CREATE_DB
is true
, then Structural does not create the destination database schema. Before you run data generation, you must create the destination database with the full schema.
During data generation, Structural deletes the data from the destination database tables, except for tables that use Preserve Destination mode. It then populates the tables with the new destination data.
Last updated