Getting Started with ALTR & Snowflake
Configure ALTR's Snowflake Service User
Connect Snowflake Databases
Connect Columns to ALTR
Creating Policy & Manage Data
Column Access Policies
Row Access Policy
ALTR Driver JDBC Installation
ALTR Driver ODBC Installation
Configure Tableau to Gain User Level Observability
Integrating ALTR Notifications with AWS S3
TDS Proxy Installation
Custom Masking and Extensibility Functions
Bring Your Own Key for Vaulted Tokenization
This page describes how ALTR connects to Snowflake databases. It includes a walkthrough of how to connect Snowflake databases to ALTR and a detailed overview of what objects ALTR creates in Snowflake to support the connection. It also includes common questions and troubleshooting steps for users who have trouble connecting Snowflake databases.
When you connect a Snowflake database to ALTR, what happens next is that ALTR creates a variety of Snowflake-Side objects that enable data governance. These include:
Additionally, ALTR executes a variety of processes in its SaaS platform in order to ensure it can properly access the Snowflake database and its schema objects. This includes:
NOTE: ALTR only accesses and persists account and schema object information relating to your Snowflake Database. ALTR does not automatically access or persist any data stored in Snowflake.
To unlock ALTR’s data governance tools for Snowflake databases, you must connect that database to ALTR. ALTR’s Snowflake Partner Connect Onboarding offers a guided walkthrough for connecting your first databases. This section covers how to connect Snowflake Databases after onboarding.
ALTR offers two routes for connecting Snowflake Databases:
If you joined ALTR through Snowflake Partner Connect, ALTR remembers the Snowflake Hostname and Service User information from your Snowflake account. Connecting a database in the Partner Connect form is as simple as selecting the database from a dropdown, giving it a name in ALTR, and choosing optional features for the databases such as:
To connect a database from a Snowflake account other than the one used for Partner Connect, you can manually do it by providing ALTR with the Snowflake Hostname and Service User information for the database’s Snowflake Account. To manually create and permission a non-Partner Connect Service User, see this guide.
When manually connecting a Snowflake database, ALTR requires the following information:
ALTR offers advanced configuration options when connecting a database or modifying database connections. Most users do not need to update these settings.
If your service user is having problems or some other issue has occurred where you want to disconnect a Snowflake database from ALTR, then follow the steps below.
NOTE: You cannot remove a database if there are any columns that are still connected to it. You will need to disconnect the columns first. For the steps to do this, read How to disconnect a column from ALTR.
Our frequently asked questions and troubleshooting steps are organized by topics below.
Question: I changed the password for my Snowflake Partner Connect Service User. How do I change it in ALTR?
Answer: If you change the password for PC_ALTR_USER, please reach out to firstname.lastname@example.org for assistance.
Question: I’m trying to connect a database via the Snowflake Partner Connect form but it isn’t appearing in the dropdown. Why?
Answer: ALTR can only connect databases that the Service User has access to. Try re-executing the stored procedure in order to ensure the service user can see all of the databases in your Snowflake Account.
Due to limitations in Snowflake Data Sharing, ALTR does not support governing databases created from a Data Share. Because of this, shared databases are not included in the dropdown.
ALTR automatically excludes the automatically created databases PC_ALTR_DB from the list, as this database is auto-generated by Snowflake and serves no purpose.
Question: Why am I getting errors when I try to connect a Snowflake Database via the Partner Connect form?
Answer: Make sure that your service user permissions are up-to-date by re-executing the Stored Procedure.
Also, check that no one has changed the password for PC_ALTR_USER in Snowflake. If that password has changed, then reach out to
ALTR must be able to communicate with Snowflake over the internet to create database connections. Please make sure that ALTR’s IP addresses are whitelisted in your Snowflake Network Policies. Information on ALTR's IP addresses can be found in our onboarding guide.
Question: Why am I getting errors when I try to connect a Snowflake Database via the Manual Configuration form?
Answer: Make sure that you have a valid service user and re-execute the Stored Procedure to confirm that the service user has permission to the database.
Also, check that you correctly entered the hostname for the Snowflake account in the format loremipsum.snowflakecomputing.com. See the section earlier in this page for help identifying your Snowflake hostname.
Lastly, make sure that you are entering the correct Service User Username and Password.
If you continue to have issues, reach out to email@example.com.
Question: I'm having trouble trying to disconnect a database. How can I solve this problem?
Answer: Certain situations might occur where you will not be able to disconnect a database in ALTR normally. For example, your service user may be having problems or some other issue could exist. This is when it would be appropriate to use our Force Disconnect a Data Source feature that's shown in the screenshot below.
By using the Force Disconnect a Data Source feature, it removes the integration memory from your database connection to ALTR. Be aware that if you choose to do this, then artifacts such as the masking policy, schema objects from your account, etc., might still be left in Snowflake.
Before you proceed, we're also making you aware that:
NOTE: We recommend that after you force disconnect a data source, you then go back and check Snowflake in case you'd prefer to clear out remnants due to storage limits, security risk policies from ongoing API call requests, or other reasons. To identify and remove them, you can email firstname.lastname@example.org