Von Snowflake verwalteter MCP-Server¶
Übersicht¶
Bemerkung
Snowflake unterstützt das Modellkontextprotokoll in Revision 2025-06-18.
Modell-Kontextprotokoll (MCP) ist ein Open-Source-Standard, der AI-Agenten erlaubt, sicher mit Geschäftsanwendungen und externen Datensystemen wie Datenbanken und Inhaltsrepositorys zu interagieren. Mit MCP können Unternehmen Integrationsherausforderungen reduzieren und schnell Ergebnisse aus Modellen liefern. Seit seiner Einführung ist MCP zu einer grundlegenden Unterstützung für agentenbasierte Anwendungen geworden und bietet einen konsistenten und sicheren Mechanismus für den Aufruf von Tools und den Abruf von Daten.
The Snowflake-managed MCP server lets AI agents securely retrieve data from Snowflake accounts without needing to deploy separate infrastructure. You can configure the MCP server to serve Cortex Analyst, Cortex Search, and Cortex Agents as tools, along with custom tools and SQL executions on the standards-based interface. MCP clients discover and invoke these tools, and retrieve data required for the application. With managed MCP servers on Snowflake, you can build scalable enterprise-grade applications while maintaining access and privacy controls. The MCP server on Snowflake provides:
Standardisierte Integration: Einheitliche Schnittstelle für die Erkennung und den Aufruf von Tools, in Übereinstimmung mit den sich schnell entwickelnden Standards.
Umfassende Authentifizierung: In Snowflake integrierter OAuth-Service, der OAuth-basierte Authentifizierung für MCP-Integrationen ermöglichen soll.
Robuste Governance: Rollenbasierte Zugriffssteuerung (RBAC) für MCP-Server und -Tools zur Verwaltung der Erkennung und des Aufrufs von Tools.
Weitere Informationen zum MCP-Lebenszyklus finden Sie unter Lebenszyklus. Ein Beispiel für eine MCP-Implementierung finden Sie unter Erste Schritte mit dem verwalteten Snowflake MCP-Server Quickstart.
MCP server security recommendations¶
Wichtig
When you configure hostnames for MCP server connections, use hyphens (-) instead of underscores (_). MCP servers have connection issues with hostnames containing underscores.
Using multiple MCP servers without verifying tools and descriptions could lead to vulnerabilities such as tool poisoning or tool shadowing. Snowflake recommends verifying third-party MCP servers before using them. This includes any MCP server from another Snowflake user or account. Verify all tools offered by third-party MCP servers.
We recommend using OAuth as the authentication method. Using hardcoded tokens can lead to token leakage.
When using a Programmatic Access Token (PAT), set it to use the least-privileged role allowed to work with MCP. This will help prevent leaking a secret with access to a highly-privileged role.
Configure proper permissions for the MCP server and tools following the least-privilege principle. Access to the MCP Server does not give access to the tools. Permission needs to be granted for each tool.
Erstellen eines MCP-Serverobjekts¶
Erstellen Sie ein Objekt, indem Sie die Tools und andere Metadaten angeben. MCP-Clients, die sich nach der erforderlichen Authentifizierung mit dem Server verbinden, können diese Tools erkennen und aufrufen.
Navigieren Sie zu der gewünschten Datenbank und dem gewünschten Schema, um den MCP-Server darin zu erstellen.
So erstellen Sie den MCP-Server:
CREATE [ OR REPLACE ] MCP SERVER [ IF NOT EXISTS ] <server_name> FROM SPECIFICATION $$ tools: - name: "product-search" type: "CORTEX_SEARCH_SERVICE_QUERY" identifier: "database1.schema1.Cortex_Search_Service1" description: "cortex search service for all products" title: "Product Search" - name: "revenue-semantic-view" type: "CORTEX_ANALYST_MESSAGE" identifier: "database1.schema1.Semantic_View_1" description: "Semantic view for all revenue tables" title: "Semantic view for revenue" $$
Snowflake unterstützt derzeit die folgenden Tooltypen:
CORTEX_SEARCH_SERVICE_QUERY: Cortex Search Service-Tool
CORTEX_ANALYST_MESSAGE: Cortex Analyst-Tool
SYSTEM_EXECUTE_SQL: SQL execution
CORTEX_AGENT_RUN: Cortex Agent tool
GENERIC: tool for UDFs and stored procedures
The following examples show how to configure different tool types:
Using the Analyst tool, your client can generate text from SQL. Use the following code to specify the tool configuration.
Bemerkung
The Snowflake-managed MCP server only supports using semantic views with Cortex Analyst. It does not support semantic models.
tools: - name: "revenue-semantic-view" type: "CORTEX_ANALYST_MESSAGE" identifier: "database1.schema1.Semantic_View_1" description: "Semantic view for all revenue tables" title: "Semantic view for revenue"Using the Search tool requests, your client can perform unstructured search on their data.
tools: - name: "product-search" type: "CORTEX_SEARCH_SERVICE_QUERY" identifier: "database1.schema1.Cortex_Search_Service1" description: "cortex search service for all products" title: "Product Search"For the SQL execution tool, your client can execute SQL queries on Snowflake. Use the following code to specify the tool configuration.
tools: - title: "SQL Execution Tool" name: "sql_exec_tool" type: "SYSTEM_EXECUTE_SQL" description: "A tool to execute SQL queries against the connected Snowflake database."For the Agent tool, your client passes a message to the agent. The agent processes the request and returns a response. Use the following code to specify the tool configuration.
tools: - title: "Agent V2" name: "agent_1" type: "CORTEX_AGENT_RUN" identifier: "db.schema.agent" description: "agent that gives the ability to..."For your custom tools, you must provide the user-defined function (UDF) or stored procedure signature in the tool configuration. The custom tool enables you to invoke UDFs and stored procedures as tools through the MCP server.
You need to specify the following in the tool configuration:
type:functionfor UDF,procedurefor stored procedure
Warehouse
Input schema: corresponds to the function signature
Use the following examples to create and configure custom tools using UDFs and stored procedures:
The following examples demonstrate creating UDFs that can be used as custom tools:
-- create a simple udf
CREATE OR REPLACE FUNCTION MULTIPLY_BY_TEN(x FLOAT)
RETURNS FLOAT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
HANDLER = 'multiply_by_ten'
AS
$$
def multiply_by_ten(x: float) -> float:
return x * 10
$$;
SHOW FUNCTIONS LIKE 'MULTIPLY_BY_TEN';
-- test return json/variant
CREATE OR REPLACE FUNCTION CALCULATE_PRODUCT_AND_SUM(x FLOAT, y FLOAT)
RETURNS VARIANT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
HANDLER = 'calculate_values'
AS
$$
import json
def calculate_values(x: float, y: float) -> dict:
"""
Calculates the product and sum of two numbers and returns them in a dictionary.
The dictionary is converted to a VARIANT (JSON) in the SQL return.
"""
product = x * y
sum_val = x + y
return {
"product": product,
"sum": sum_val
}
$$;
-- test return list/array
CREATE OR REPLACE FUNCTION GET_NUMBERS_IN_RANGE(x FLOAT, y FLOAT)
RETURNS ARRAY -- Use ARRAY to explicitly state a list is being returned
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
HANDLER = 'get_numbers'
AS
$$
def get_numbers(x: float, y: float) -> list:
"""
Returns a list of integers between x (exclusive) and y (inclusive).
Assumes x < y.
"""
# Ensure x and y are treated as integers for range generation
start = int(x) + 1
end = int(y) + 1 # range() is exclusive on the stop value
# Use a list comprehension to generate the numbers
# The Python list will be converted to a Snowflake ARRAY.
return list(range(start, end))
$$;
The following examples demonstrate creating stored procedures that can be used as custom tools:
-- create a simple stored procedure
CREATE OR REPLACE PROCEDURE MULTIPLY_BY_TEN_SP(x FLOAT)
RETURNS FLOAT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
PACKAGES = ('snowflake-snowpark-python')
HANDLER = 'multiply_by_ten'
AS
$$
# The handler logic is identical to the UDF for a scalar return
def multiply_by_ten(x: float) -> float:
return x * 10
$$;
-- test return json/variant
CREATE OR REPLACE PROCEDURE CALCULATE_VALUES_SP(x FLOAT, y FLOAT)
RETURNS VARIANT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
PACKAGES = ('snowflake-snowpark-python')
HANDLER = 'calculate_values'
AS
$$
# The handler logic is identical to the UDF for a VARIANT return
def calculate_values(x: float, y: float) -> dict:
"""
Calculates the product and sum of two numbers and returns them in a dictionary.
The dictionary is converted to a VARIANT (JSON) in the SQL return.
"""
product = x * y
sum_val = x + y
return {
"product": product,
"sum": sum_val
}
$$;
-- test return list/array
CREATE OR REPLACE PROCEDURE GET_NUMBERS_SP(x FLOAT, y FLOAT)
RETURNS ARRAY
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
PACKAGES = ('snowflake-snowpark-python')
HANDLER = 'get_numbers'
AS
$$
def get_numbers(x: float, y: float) -> list:
"""
Returns a list of integers between x (exclusive) and y (inclusive).
The Python list will be converted to a Snowflake ARRAY.
"""
# Ensure x and y are treated as integers for range generation
start = int(x) + 1
end = int(y) + 1 # range() is exclusive on the stop value
# Use a list comprehension to generate the numbers
return list(range(start, end))
$$;
The following examples demonstrate configuring custom tools for UDFs and stored procedures:
CREATE MCP SERVER my_mcp_server
FROM SPECIFICATION $$
tools:
- title: "Custom Tool 1"
identifier: "EXAMPLE_DATABASE.AGENTS.MULTIPLY_BY_TEN"
name: "multiply_by_ten"
type: "GENERIC"
description: "Multiplied input value by ten and returns the result."
config:
type: "function"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "A number to be multiplied by ten"
type: "number"
- title: "Custom Tool 2"
identifier: "EXAMPLE_DATABASE.AGENTS.CALCULATE_PRODUCT_AND_SUM"
name: "calculate_product_and_sum"
type: "GENERIC"
description: "Calculates the product and sum of two numbers and returns them in a JSON object."
config:
type: "function"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "First number"
type: "number"
y:
description: "Second number"
type: "number"
- title: "Custom Tool 3"
identifier: "EXAMPLE_DATABASE.AGENTS.GET_NUMBERS_IN_RANGE"
name: "get_numbers_in_range"
type: "GENERIC"
description: "Returns a list of integers between two numbers."
config:
type: "function"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "Start number (exclusive)"
type: "number"
y:
description: "End number (inclusive)"
type: "number"
- title: "Custom Tool 4"
identifier: "EXAMPLE_DATABASE.AGENTS.MULTIPLY_BY_TEN_SP"
name: "multiply_by_ten_sp"
type: "GENERIC"
description: "Multiplied input value by ten and returns the result."
config:
type: "procedure"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "A number to be multiplied by ten"
type: "number"
- title: "Custom Tool 5"
identifier: "EXAMPLE_DATABASE.AGENTS.CALCULATE_PRODUCT_AND_SUM_SP"
name: "calculate_product_and_sum_sp"
type: "GENERIC"
description: "Calculates the product and sum of two numbers and returns them in a JSON object."
config:
type: "procedure"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "First number"
type: "number"
y:
description: "Second number"
type: "number"
- title: "Custom Tool 6"
identifier: "EXAMPLE_DATABASE.AGENTS.GET_NUMBERS_IN_RANGE_SP"
name: "get_numbers_in_range_sp"
type: "GENERIC"
description: "Returns a list of integers between two numbers."
config:
type: "procedure"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "Start number (exclusive)"
type: "number"
y:
description: "End number (inclusive)"
type: "number"
$$;
Zum Anzeigen von MCP-Servern verwenden Sie die folgenden Befehle:
SHOW MCP SERVERS IN DATABASE <database_name>; SHOW MCP SERVERS IN SCHEMA <schema_name>; SHOW MCP SERVERS IN ACCOUNT;
The following shows the output of the command:
| created_on | name | database_name | schema_name | owner | comment | ------------------------------------------+-------------------+---------------+-------------+--------------+------------------------------ | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER_2 | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | Test MCP server with comment |
Um einen MCP-Server zu beschreiben, verwenden Sie den folgenden Befehl:
DESCRIBE MCP SERVER <server_name>;
The following shows the output of the command:
| name | database_name | schema_name | owner | comment | server_spec | created_on | ------------------------------------------------------------------------------------------------------+------------------------------------- | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | {"version":1,"tools":[{"name":"product-search","identifier":"db.schema.search_service","type":"CORTEX_SEARCH_SERVICE_QUERY"}]} | Fri, 23 Jun 1967 07:00:00.123000 +0000 |
Um einen MCP-Server zu entfernen, verwenden Sie den folgenden Befehl:
DROP MCP SERVER <server_name>;
Zugriffssteuerung¶
Sie können die folgenden Berechtigungen verwenden, um den Zugriff auf das MCP-Objekt und die zugrunde liegenden Tools zu verwalten
Berechtigung |
Objekt |
Beschreibung |
|---|---|---|
OWNERSHIP |
MCP-Objekt |
Erforderlich, um die Objektkonfiguration zu aktualisieren |
MODIFY |
MCP-Objekt |
Ermöglicht das Aktualisieren, Löschen, Beschreiben, Anzeigen und Verwenden von ( |
USAGE |
MCP-Objekt |
Erforderlich für die Verbindung mit dem MCP-Server und Erkennungstools |
USAGE |
Cortex Search Service |
Erforderlich, um das Cortex Search-Tool im MCP-Server aufzurufen |
SELECT |
Semantic View |
Erforderlich, um das Cortex Analyst-Tool im MCP-Server aufzurufen |
USAGE |
Cortex Agent |
Required to invoke the Cortex Agent as a tool in the MCP server |
USAGE |
User-defined function (UDF) or stored procedure |
Required to invoke the UDF or stored procedure as a tool in the MCP server |
Einrichten der OAuth-Authentifizierung¶
Konfigurieren Sie die Authentifizierung auf dem MCP-Client. Der von Snowflake verwaltete MCP-Server unterstützt OAuth 2.0 in Übereinstimmung mit der Empfehlung zur `Autorisierung<https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization>`__ im MCP-Protokoll. Der von Snowflake verwaltete MCP-Server unterstützt keine dynamische Clientregistrierung.
Erstellen Sie zuerst die Sicherheitsintegration. Weitere Informationen zu diesem Befehl finden Sie unter CREATE SECURITY INTEGRATION (Snowflake OAuth).
CREATE [ OR REPLACE ] SECURITY INTEGRATION [IF NOT EXISTS] <integration_name> TYPE = OAUTH OAUTH_CLIENT = GENERIC ENABLED = TRUE OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = '<redirect_URI>'
Rufen Sie dann die Systemfunktion auf, um Ihre Client-ID und die Schlüssel für die Clientkonfiguration abzurufen. Der Integrationsname unterscheidet zwischen Groß- und Kleinschreibung und muss in Großbuchstaben geschrieben werden.
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<integration_name>');
Interagieren mit MCP-Server mit einem kundenspezifischen MCP-Client¶
Falls Sie einen kundenspezifischen MCP-Client erstellen, werden in den folgenden Abschnitten die Snowflake-Endpunkte beschrieben, mit denen Ihr Client interagiert.
Bemerkung
Der Snowflake MCP-Server unterstützt derzeit nur Tool-Funktionen.
Initialisieren des MCP-Servers¶
Initialisieren Sie den Server nach der Authentifizierung, indem Sie GET- und POST-Aufrufe an den folgenden API-Endpunkt ausführen:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": { "protocolVersion": "2025-06-18" }
}
Das folgende Beispiel zeigt die Antwort:
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"proto_version": "2025-06-18",
"capabilities": {
"tools": {
"listChanged": false
}
},
"server_info": {
"name": "<snowflake-mcp-name>",
"title": "Snowflake Server: <snowflake-mcp-name>",
"version": "1.0.0"
}
}
}
Tools erkennen und aufrufen¶
Die MCP-Clients können Tools mit tools/list- und tools/call-Anforderungen erkennen und aufrufen.
Um Tools zu erkennen, geben Sie einen POST-Aufruf aus, wie in der Spalte tools/list-Anforderung gezeigt:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}
Das folgende Beispiel zeigt die Antwort:
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"tools": [ // search
{
"name":"product-search",
"description":"Test search tool",
"inputSchema": {
"type": "object",
"description": "A search query and additional parameters for search.",
"properties": {
"query": {
"description": "Unstructured text query. Exactly one of 'query' or 'multi_index_query' must be specified.",
"type": "string"
},
"columns": {
"description": "List of columns to return.",
"type": "array",
"items": {
"type": "string"
}
},
"filter": {
"description": "Filter query.",
"type": "object"
},
"limit": {
"description": "Max number of results to return.",
"type": "integer",
"default": 10
}
}
},
"outputSchema": {
"type": "object",
"description": "Search results.",
"properties": {
"results": {
"description": "List of result rows.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": true,
"description": "Map of column names to values (as bytes)."
}
},
"request_id": {
"description": "ID of the request.",
"type": "string"
}
},
"required": ["results", "request_id"]
}
},
{ // analyst
"name":"revenue-semantic-view",
"description":"Test tool",
"inputSchema": {
"type": "object",
"description": "A message and additional parameters for Cortex Analyst.",
"properties": {
"message": {
"description": "The user’s question.",
"type": "string"
}
}
}
}
]
}
}
Um ein Tool aufzurufen, geben Sie einen POST-Aufruf aus, wie in der Spalte tools/call-Anforderung gezeigt.
For the Analyst tool, your client passes messages in the request. The SQL statement is listed in the output. You must pass the name of the tool that you’re invoking in the request in the name parameter.
POST /api/v2/databases/<database>/schemas/<schema>/mcp-servers/<name>
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "test-analyst",
"arguments": {
"message ": "text"
}
}
}
Das folgende Beispiel zeigt die Antwort:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"content": [
{
"type": "text",
"text": "string"
}
]
}
}
Bei Suchtool-Anfragen kann Ihr Client die Abfrage und die folgenden optionalen Argumente übergeben:
columns
filter
limit
The search results and request ID are returned in the output. You must pass the name of the tool that you’re invoking in the request as the name parameter.
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "product-search",
"arguments": {
"query": "Hotels in NYC",
"columns": array of strings,
"filter": json,
"limit": int
}
}
}
Das folgende Beispiel zeigt die Antwort:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"results": {}
}
}
Einschränkungen¶
Der Snowflake-verwaltete MCP-Server unterstützt die folgenden Konstrukte im MCP-Protokoll nicht: Ressourcen, Prompts, Roots, Benachrichtigungen, Versionsverhandlungen, Lebenszyklusphasen und Sampling.
Es werden nur Nicht-Streaming-Antworten unterstützt.