Skip to content

Snowflake role privileges🔗

Snowflake access control works by giving roles sets of privileges on certain objects (databases, schema, tables, and so on).

For example, CREATE is a privilege that can be set on objects such as tables or schema and given to a custom or existing role. That role, when used by Maia, can then create tables. The ALL privilege gives a role every relevant available privilege on an object.

To connect your Snowflake account to Maia, the Snowflake role must have certain privileges enabled. Some examples are listed below.

Matillion recommends using a custom Snowflake role created specifically for Maia, rather than a role such as PUBLIC.

Read GRANT … TO ROLE to learn how to grant privileges to a role.

Required roles🔗

Below is a table of role privileges required for optimal use of Maia. Omitting privileges may come at the cost of features within Maia.

Privilege Object Description
ALL Table Grants all privileges, except OWNERSHIP, on a table.
ALL External Table Grants all privileges, except OWNERSHIP, on an external table.
ALL View Grants all privileges, except OWNERSHIP, on a view.
ALL Schema Grants all privileges, except OWNERSHIP, on a schema.
ALL Stage Creation and general use of Snowflake stages.

The following sections offer some examples of how to grant these privileges.

Warehouse🔗

Grant Usage on warehouse:

GRANT USAGE ON WAREHOUSE <warehouse-name> TO ROLE <role-name>;

Grant Operate on warehouse:

GRANT OPERATE ON WAREHOUSE <warehouse-name> TO ROLE <role-name>;

Database🔗

Grant Usage on database:

GRANT USAGE ON DATABASE <database-name> TO ROLE <role-name>;

Schema🔗

Grant All on schema:

GRANT ALL ON SCHEMA <schema-name> TO ROLE <role-name>;

Table🔗

Grant delete on tables in schema:

GRANT DELETE ON ALL TABLES IN SCHEMA <schema-name> TO ROLE <role-name>;

Authentication methods🔗

Maia currently supports the username/password and key-pair authentication methods for Snowflake.

If using key-pair authentication, read Using Snowflake key-pair authentication to learn how to configure the necessary secrets for this method.

Multi-Factor Authentication connections aren't supported. We advise that customers set up a Snowflake Service Account User for use with Maia projects.

© Copyright 2026 Matillion Ltd | Legal | Privacy Policy | Disclaimer | Modern Slavery Statement