Create and Set Up an ALTR Account

There are two ways to create and set up an ALTR account:

1. Use Snowflake Partner Connect. (Recommended)
2. Contact ALTR Support to get an account created. This might be required if you are using ALTR through a partner or third-party vendor.

Note

In order to connect to ALTR, you must have

• Enterprise or higher level of Snowflake
• ACCOUNTADMIN role, which is needed to sign up for Snowflake Partner Connect and to grant access to ALTR. ALTR is not required to run as this role after setup.

Danger

ALTR must be able to communicate with Snowflake over the internet in order to apply and enforce data security policies. If your Snowflake account restricts IP traffic using network policies , you must create new network rules whitelisting ALTR’s IP addresses before connecting an ALTR account. Learn more . ALTR’s IP addresses are:

• 44.203.133.160/28
• 3.145.219.176/28
• 35.89.45.128/28

ALTR participates in Snowflake Partner Connect , making it easy for Snowflake ACCOUNTADMIN users to create and set up an ALTR account.

Note

The process to Snowflake Partner Connect to create your ALTR account is fully automated; once you begin the process, you must finish in order to successfully create your ALTR account. If you feel like Snowflake Partner Connect isn’t the right option or if you need assistance during the onboarding process, contact ALTR Support .

Access Snowflake Partner Connect

To access Snowflake Partner Connect:

1. Log into Snowsight as an account that has access to the ACCOUNTADMIN role.
2. Change your role to ACCOUNTADMIN.
3. Select Data ProductsPartner Connect in the Navigation menu.
4. Search for “ALTR” or select Security & Governance .
5. Select ALTR .
6. Click Connect .

ALTR sends you an email to create your ALTR account, set your ALTR password, and start onboarding. Your ALTR username defaults to your email address and your Two-Factor Authentication method defaults to “email.”

Note

If you have an existing ALTR account, this process will direct you to your account. If your email address is tied to two different Snowflake accounts and you use Snowflake Partner Connect for both emails, you will be brought to the same ALTR organization. Contact ALTR Support if you need a new ALTR organization created.

Grant Privileges

When you create an ALTR account through Snowflake Partner Connect, required Snowflake objects are created. Once your account is created, run the SETUP_ALTR_SERVICE_ACCOUNT stored procedure.

ALTR’s Service user must have access to a Snowflake role with the appropriate privileges to enforce access governance and security. ALTR operates using the default role on the Snowflake Service user unless the default is explicitly overridden when connecting a Snowflake data source .

For ALTR accounts created from Snowflake Partner Connect, the PC_ALTR_USER is automatically assigned the default role PC_ALTR_ROLE.

When using Snowflake Partner Connect, there are two ways to grant ALTR the necessary privileges :

• Express Configuration (recommended)— Give ALTR privileges to run as ACCOUNTADMIN and the ALTR onboarding wizard runs the required stored procedure. Once onboarding is complete, you can revoke the ACCOUNTADMIN access.
• Manual Configuration— Manually run the required stored procedure since it must be run as an ACCOUNTADMIN role.

Express Configuration

With Express Configuration, grant ALTR’s service user the ACCOUNTADMIN role. ALTR uses this role to grant all of the necessary privileges to PC_ALTR_USER. Once onboarding is complete (i.e., you have successfully connected a database), you can safely revoke the ACCOUNTADMIN role from PC_ALTR_USER.

Manual Configuration

With Manual Configuration, manually execute access to PC_ALTR_ROLE required for ALTR to create and enforce governance policies across all of your databases in Snowflake. ALTR provides a stored procedure that automates these privileges, which you will need run. ALTR then verifies the correct privileges were granted. For a list of these privileges and what ALTR uses them for, refer to Service User Privilege Requirements .

If you didn’t go through Snowflake Partner Connect to create your ALTR account, such as if you are using ALTR through a partner, ALTR Support will gladly walk you through the onboarding process.

To have ALTR create your account:

1. Contact ALTR Support with the following information:
   1. Company name and address
   2. Name, email address and phone number of the initial ALTR administrator
2. Create a service user by running ALTR’s stored procedure. Learn more.