Getting started with Snowflake Data Clean Rooms¶

This topics describes the tasks an administrator must complete to set up Snowflake Data Clean Rooms.

Prerequisites¶

In order to use a Snowflake Data Clean Room, your account must:

If you do not meet certain requirements and need to upgrade, contact Snowflake Support.

Capacity account¶

You need a Snowflake account that has an upfront capacity commitment to use Snowflake Data Clean Rooms.

Snowflake On Demand accounts cannot create or use a clean room.

Snowflake Edition¶

Use the following table to determine which Snowflake Edition is required for the Snowflake account of a clean room collaborator:

Collaborator

Task

Required Snowflake Edition

Provider

Create a clean room

Enterprise Edition or higher

Consumer

Join and use a clean room

Standard Edition or higher

Provider & Consumer Terms¶

Before using a Snowflake Data Clean Room as a provider or consumer, you need to agree to additional Snowflake terms and abide by Snowflake policies. For details, see Legal requirements for providers and consumers of listings.

Sign up for a Snowflake Data Clean Room environment¶

Important

The user who initially signs up as a clean room participant must have the ACCOUNTADMIN role in the Snowflake account associated with the clean room environment. This clean room administrator needs to use the ACCOUNTADMIN role to configure the Snowflake account in subsequent steps in the getting started process.

To sign up and log in to the clean room environment:

  1. Navigate to the sign-up page.

  2. Enter the account identifier of your Snowflake account using the hyphenated form of the account name format (that is, orgname-acctname).

  3. Enter your email address.

  4. Specify a company name, which is used to identify the clean room environment when users sign in.

  5. Select Sign Up. You are sent an email.

After receiving the email, do the following:

  1. Select Verify Email. The sign up page re-opens.

  2. Specify a Name and Password.

  3. Select Sign up.

Add IP addresses to your allowed list¶

If your Snowflake account uses a network policy to control network traffic, you must explicitly allow traffic from the IP addresses that the web app uses to communicate with your Snowflake account. The following IP addresses must be allowed by the network policy:

Snowflake account region

Web app IP addresses

  • AWS US West (Oregon)

  • AWS US East (Ohio)

  • AWS US East (N. Virginia)

  • Azure West US 2 (Washington)

  • Azure Central US (Iowa)

  • Azure South Central US (Texas)

  • Azure East US 2 (Virginia)

  • 52.7.249.136

  • 34.195.16.248

  • 52.7.210.215

  • AWS Canada (Central)

  • Azure Canada Central (Toronto)

  • 15.223.145.218

  • 3.96.6.109

  • 15.222.142.44

  • AWS Asia Pacific (Mumbai)

  • Azure Central India (Pune)

  • 35.154.94.29

  • 13.235.168.249

  • 15.206.48.175

  • AWS Asia Pacific (Singapore)

  • Azure Southeast Asia (Singapore)

  • 13.228.90.174

  • 52.220.42.130

  • 52.220.249.16

  • AWS Asia Pacific (Sydney)

  • Azure Australia East (New South Wales)

  • 52.65.205.236

  • 52.62.198.227

  • 3.104.160.96

Configure the Snowflake account¶

A Snowflake user with the ACCOUNTADMIN role must configure the Snowflake account associated with the clean room environment before users can create and use clean rooms.

Note

The user with the ACCOUNTADMIN role must have a valid first name, last name, and email defined for their user object. To verify whether these properties are defined, execute the DESCRIBE USER command.

Configuring the Snowflake account consists of the following:

  • Creating a service account user that represents the clean room environment so clean rooms can access the Snowflake account.

  • Installing a Snowflake Native App that allows clean rooms to interact with data in a Snowflake account.

  • Registering the databases that contain the data that collaborators can access in clean rooms.

To configure the Snowflake account for a clean room environment:

  1. Access the Snowflake Admin console in the clean room environment. Do the following:

    1. Navigate to the sign in page.

    2. Enter your email address, and select Continue.

    3. Enter your password.

    4. If you are associated with multiple clean room environments, select the Snowflake account that you are configuring.

    5. In the left navigation, select Snowflake Admin.

    6. Select Login to Snowflake, and authenticate as a Snowflake user with the ACCOUNTADMIN role.

  2. Specify the details for the service account user that clean rooms use to interact with Snowflake. Be sure to remember these details as you will need them in a subsequent step. Do the following:

    1. Enter the email address associated with the service account user.

    2. In the New Snowflake Username field, specify a name that is unique to the Snowflake account.

    3. Specify a password.

    4. Select Create to create the service account user.

  3. Verify the email of the new service account user. Do the following:

    1. Select Log into your Snowflake account.

    2. Sign in to Snowsight using the credentials of the service account user. You specified these in the previous step.

    3. To open the user menu, select the username of the service account user, and then select My profile.

    4. Select Resend verification email. A verification email is sent to the email address of the service account user.

    5. Access the email inbox of the service account user, open the verification email, and select Validate Your Email.

    6. Return to the Snowflake Admin console of the clean room environment, and select Verify Status.

  4. Install the Snowflake Native App associated with Snowflake Data Clean Rooms (SAMOOHA_BY_SNOWFLAKE). Do the following:

    1. If desired, use the Setup Scripts section to review the code that is executed in your account to install the Snowflake Native App.

    2. Do not change the default name of the application.

    3. Select Install to install the Snowflake Native App.

      The process of installing the Snowflake Native App can take some time. Periodically select Refresh to check whether it is complete before proceeding to the next step.

  5. In the Database Registration section, select the databases that contain the data that you want collaborators to be able to access in clean rooms.

    Only tables are supported. You cannot add views to a clean room.

    Note

    Once you complete these steps, new tables added to registered databases are not available to clean room collaborators immediately. If a table is added, you need to use the web app’s Snowflake Admin option to return to the Database Registration section, and then select Resync.

Enable collaboration with consumers in different regions¶

In order to collaborate with a Snowflake customer whose account is in a different region than your account, you must enable Cross-Cloud Auto-Fulfillment for your clean room environment. A Snowflake user with the ACCOUNTADMIN role must enable Cross-Cloud Auto-Fulfillment before clean room administrators can add accounts in other regions as collaborators.

There are additional costs associated with collaborators who are in a different region. For more information about how these costs are incurred, see Understand Cross-Cloud Auto-Fulfillment costs.

To configure your clean room environment to allow collaborators to be in a different region:

  1. Navigate to the sign in page.

  2. Enter your email address, and select Continue.

  3. Enter your password.

  4. If you are associated with multiple clean room environments, select the Snowflake account that you are configuring.

  5. In the left navigation, select Snowflake Admin.

  6. Select Login to Snowflake, and authenticate as a Snowflake user with the ACCOUNTADMIN role.

  7. Toggle on Cross-Cloud Auto-Fulfillment.

For information about adding collaborators, see Add collaborators.

Next steps¶

For additional steps needed to set up a clean room environment, including adding users and collaborators, see Snowflake Data Clean Rooms: Administrator tasks.

Language: English