设置 Openflow - Snowflake Deployment:核心 Snowflake¶
Openflow - Snowflake Deployment 需要创建以下 Snowflake 特定资源:
创建 OPENFLOW_ADMIN 角色¶
创建所需的 Openflow 管理角色。
备注
<OPENFLOW_USER> 表示将用于访问 Openflow 的用户。
USE ROLE ACCOUNTADMIN;
CREATE ROLE IF NOT EXISTS OPENFLOW_ADMIN;
GRANT CREATE ROLE ON ACCOUNT TO ROLE OPENFLOW_ADMIN;
GRANT ROLE OPENFLOW_ADMIN TO USER <OPENFLOW_USER>;
小心
Users with a default role of ACCOUNTADMIN can't login to Openflow - Snowflake Deployment runtimes and will get an error message when attempting to do so.
Snowflake recommends assigning a different default role to any user that will login to a runtime.
In addition, Snowflake recommends setting default secondary roles to ALL for all Openflow users.
To change the default role and enable all secondary roles, execute the following:
For example:
USE ROLE ACCOUNTADMIN;
ALTER USER <openflow_user> SET DEFAULT_ROLE = <openflow_admin>;
ALTER USER <openflow_user> SET DEFAULT_SECONDARY_ROLES = ('ALL');
配置所需权限¶
Openflow 需要定义特定的 Snowflake 账户级别权限。这些权限作为默认权限集的一部分分配给 ACCOUNTADMIN 角色。ACCOUNTADMIN 将自动获得以下两个权限,并且能够向自己授予其选择的 Openflow 管理员角色角色,在以下示例中如 OPENFLOW_ADMIN 角色所示:
USE ROLE ACCOUNTADMIN;
GRANT CREATE OPENFLOW DATA PLANE INTEGRATION ON ACCOUNT TO ROLE OPENFLOW_ADMIN;
GRANT CREATE OPENFLOW RUNTIME INTEGRATION ON ACCOUNT TO ROLE OPENFLOW_ADMIN;
GRANT CREATE COMPUTE POOL ON ACCOUNT TO ROLE OPENFLOW_ADMIN;
启用集成级网络策略的 BCR 捆绑包 2025_06¶
使用以下任何连接器类型时:数据库 CDC、SaaS、Streaming 或 Slack,您必须启用 BCR 捆绑包 2025_06 Bundle (Disabled by default) 以确保与 Snowpipe Streaming 的连接。
要检查并启用捆绑包,请执行以下步骤:
确定特定捆绑包的状态:
call SYSTEM$BEHAVIOR_CHANGE_BUNDLE_STATUS('2025_06');
结果为
DISABLED表示捆绑包已禁用。如果捆绑包已禁用,请将其启用:
call SYSTEM$ENABLE_BEHAVIOR_CHANGE_BUNDLE('2025_06');