The ability to dynamically set a role and a warehouse for a Snowflake user is a top request from Sigma customers. That’s because it enables customers to have better fine-grained control over their permissions (by role,) and cost attribution (by warehouse.) Now, we are thrilled to announce that this feature is in Beta!
What are User Attributes?
User Attributes are users' metadata that can be used by admins to control what data each user can access in Sigma. You know your users best, so we’re giving you the power to clearly define each user within Sigma and use that to curate each individual’s experience within Sigma.
How do I create a Snowflake Connection with the role and warehouse set by a user attribute?
As an administrator, you will find a User Attributes page under administration, which is under the dropdown by your initials.
First, you will need to create user attributes that you are going to use in the Snowflake connection configuration.
In this example, I’m creating two user attributes, named Role and Warehouse.
You can create a new attribute by clicking on the Create Attribute button and filling in the Name, Description, and Default value. (Note that the default value will be assigned to every member by default if you don’t assign a value to a team, or if the member is not on the team you assign value to.) Keep in mind that if you want to set the user attribute for the connection configuration, each member needs to have a valid assigned value. An empty string is not allowed.
After the attribute is created, you can now assign a certain value to a team by clicking on the Assign Attribute button to choose a team and set a value for the team.
Now, with created user attributes, we can use them to create a connection.
Create a Connection
As an admin, you can see a Connections page by clicking Administration.
By clicking on the Create Connection button, you will be able to fill in the credentials and set the warehouse/role by a user attribute when you click the user attribute menu button on the right.
You can choose the user attributes you just created to allow dynamic values for different teams.
You will see the warehouse and role is set by a user attribute on the connection details page.