Snowflake 管理的 MCP 服务器¶
概述¶
备注
Snowflake supports Model Context Protocol revision 2025-06-18.
模型上下文协议 (MCP) 是一项 开源标准 (https://modelcontextprotocol.io/docs/getting-started/intro),可让 AI 代理与业务应用程序和外部数据系统(例如数据库和内容存储库)安全地交互。MCP 帮助企业减少集成难题,并能快速地从模型中交付成果。自推出以来,MCP 已成为代理应用程序的基础,为调用工具和检索数据提供了一致且安全的机制。
Snowflake 管理的 MCP 服务器让 AI 代理可以安全地从 Snowflake 账户检索数据,而无需部署单独的基础设施。您可以将 MCP 服务器配置为:在基于标准的接口上提供 Cortex Analyst 和 Cortex Search 工具。MCP 客户端可以发现并调用这些工具,并检索应用程序所需的数据。使用在 Snowflake 上管理的 MCP 服务器,您可以构建可扩展的企业级应用程序,同时保持访问和隐私控制。Snowflake 上的 MCP 服务器提供:
标准化集成: 用于工具发现和调用的统一接口,符合快速发展的标准。
全面身份验证: 利用 Snowflake 的内置 OAuth 服务,为 MCP 集成启用基于 OAuth 的身份验证。
稳健的治理: 对 MCP 服务器及工具实施基于角色的访问控制 (RBAC),用于管理工具发现与调用。
For information about the MCP lifecycle, see Lifecycle (https://modelcontextprotocol.io/specification/2025-06-18/basic/lifecycle). For an example of an MCP implementation, see the Getting Started with Managed Snowflake MCP Server (https://quickstarts.snowflake.com/guide/getting-started-with-snowflake-mcp-server/index.html) Quickstart.
创建 MCP 服务器对象¶
创建一个对象,指定相关工具及其他元数据。经过必要的身份验证后,连接到 MCP 服务器的 MCP 客户端能够发现并调用这些工具。
导航到要在其中创建 MCP 服务器的数据库和架构。
创建 MCP 服务器:
CREATE [OR REPLACE ] MCP SERVER [ IF NOT EXISTS] <server_name> FROM SPECIFICATION $$ tools: - name: "policy-search" type: "CORTEX_SEARCH_SERVICE_QUERY" identifier: "database1.schema1.Cortex_Search_Service1" description: "cortex search service for all products" title: "Product Search" - name: "revenue-semantic-view" type: "CORTEX_ANALYST_MESSAGE" identifier: "database1.schema1.Semantic_View_1" description: "Semantic view for all revenue tables" title: "Semantic view for revenue" $$
Snowflake currently supports the following tool types:
CORTEX_SEARCH_SERVICE_QUERY: Cortex Search Service tool
CORTEX_ANALYST_MESSAGE: Cortex Analyst tool
To show MCP servers, use the following commands:
SHOW MCP SERVERS IN DATABASE <database_name>; SHOW MCP SERVERS IN SCHEMA <schema_name>; SHOW MCP SERVERS IN ACCOUNT;
The following example shows the output of the command:
| created_on | name | database_name | schema_name | owner | comment | ------------------------------------------+-------------------+---------------+-------------+--------------+------------------------------ | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER_2 | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | Test MCP server with comment |
To describe an MCP server, use the following command:
DESCRIBE MCP SERVER <server_name>;
The following example shows the output of the command:
| name | database_name | schema_name | owner | comment | server_spec | created_on | ------------------------------------------------------------------------------------------------------+------------------------------------- | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | {"version":1,"tools":[{"name":"policy-search","identifier":"db.schema.search_service","type":"CORTEX_SEARCH_SERVICE_QUERY"}]} | Fri, 23 Jun 1967 07:00:00.123000 +0000 |
To drop an MCP server, use the following command:
DROP MCP SERVER <server_name>;
访问控制¶
您可以使用以下权限来管理对 MCP 对象和底层工具的访问
权限 |
对象 |
描述 |
|---|---|---|
OWNERSHIP |
MCP 对象 |
必须拥有此权限才能更新对象配置 |
MODIFY |
MCP 对象 |
可对对象配置进行更新、删除、描述、显示和使用( |
USAGE |
MCP 对象 |
必须拥有此权限才能连接 MCP 服务器并发现工具 |
USAGE |
Cortex Search 服务 |
必须拥有此权限才能调用 MCP 服务器中的 Cortex Search 工具 |
USAGE |
语义视图 |
必须拥有此权限才能调用 MCP 服务器中的 Cortex Analyst 工具 |
Set up OAuth authentication¶
Configure authentication on the MCP client. The Snowflake-managed MCP server supports OAuth 2.0 aligned with the authorization (https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization) recommendation in the MCP protocol. The Snowflake-managed MCP server doesn't support dynamic client registration.
First, create the security integration. For information about this command, see CREATE SECURITY INTEGRATION (Snowflake OAuth).
CREATE [ OR REPLACE ] SECURITY INTEGRATION [IF NOT EXISTS] <integration_name> TYPE = OAUTH OAUTH_CLIENT = CUSTOM ENABLED = TRUE OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = '<redirect_URI>'
然后,调用系统函数,以检索客户端配置所需的客户端 ID 和密钥。集成名称区分大小写,并且必须为大写形式。
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<integration_name>');
备注
首次尝试从您的 MCP 客户端登录 Snowflake 时 ,您可能会看到 Invalid consent request 错误消息。要解决此问题,请在授权 URL 中找到具有以下格式的范围查询参数。
&scope=session%3Arole%3Aall
将范围从 session%3Arole%3Aall 更改为 session%3Arole%3Arole name you want to authenticate,然后重新提交 URL。
Interact with the MCP server using a custom MCP client¶
If you are building a custom MCP client, the following sections demonstrate the Snowflake endpoints that your client interacts with.
备注
The Snowflake MCP server currently only supports tool capabilities.
初始化 MCP 服务器¶
完成身份验证后,通过对以下 API 端点发出 GET 和 POST 调用来初始化服务器:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name} { "jsonrpc": "2.0", "id": 1, "method": "initialize" "params": {} }
The following example shows the response:
{ "jsonrpc": "2.0", // passthrough from req "id": 1, // passthrough from req "result": { "proto_version": "2025-06-18", "capabilities": { "tools": { "listChanged": false } }, "server_info": { "name": "<snowflake-mcp-name>", "title": "Snowflake Server: <snowflake-mcp-name>", "version": "1.0.0" } } }
发现与调用工具¶
MCP 客户端可以通过 tools/list 和 tools/call 请求发现并调用工具。
要发现工具,请按 工具/列表请求 (https://modelcontextprotocol.io/specification/2025-06-18/server/tools#calling-tools) 中所示发出 POST 调用:
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}
The following example shows the response:
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"tools": [ // search
{
"name":"policy-search",
"description":"Test search tool",
"inputSchema": {
"type": "object",
"description": "A search query and additional parameters for search.",
"properties": {
"query": {
"description": "Unstructured text query. Exactly one of 'query' or 'multi_index_query' must be specified.",
"type": "string"
},
"columns": {
"description": "List of columns to return.",
"type": "array",
"items": {
"type": "string"
}
},
"filter": {
"description": "Filter query.",
"type": "object"
},
"limit": {
"description": "Max number of results to return.",
"type": "integer",
"default": 10
}
}
},
"outputSchema": {
"type": "object",
"description": "Search results.",
"properties": {
"results": {
"description": "List of result rows.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": true,
"description": "Map of column names to values (as bytes)."
}
},
"request_id": {
"description": "ID of the request.",
"type": "string"
}
},
"required": ["results", "request_id"]
}
},
{ // analyst
"name":"revenue-semantic-view",
"description":"Test tool",
"inputSchema": {
"type": "object",
"description": "A message and additional parameters for Cortex Analyst.",
"properties": {
"message": {
"description": "The user’s question.",
"type": "string"
}
}
}
}
]
}
}
要调用工具,请按 工具/调用请求 (https://modelcontextprotocol.io/specification/2025-06-18/server/tools#calling-tools) 中所示发出 POST 调用。
For the Analyst tool, your client passes messages in the request. The SQL statement is listed as output. You must pass the name of the tool to invoke in the request as name.
POST /api/v2/databases/<database>/schemas/<schema>/mcp-servers/<name>
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "test-analyst",
"arguments": {
"message ": "text"
}
}
}
The following example shows the response:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"content": [
{
"type": "text",
"text": "string"
}
]
}
}
For Search tool requests, your client can pass the query and the following optional arguments:
columns
filter
limit
The search results and request ID are listed as output. You must pass the name of the tool to invoke in the request as name.
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "policy-search",
"arguments": {
"query": "Hotels in NYC",
"columns": array of strings,
"filter": json,
"limit": int
}
}
}
The following example shows the response:
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"results": {}
}
}
限制¶
Snowflake 管理的 MCP 在 MCP 协议中不支持以下结构:资源、提示、根、通知、版本协商、生命周期阶段和采样。
仅支持非流式传输响应。