How to Integrate to Snowflake

Snowflake integration

Written by Annie Gregory
Updated over 4 months ago

Thoropass supports an integration to Snowflake.

You can follow this generic guide from our trusted partner Truto to get set up: Connecting to Snowflake.

However, we highly recommend NOT using an admin user.

We only require access to metadata for users, roles, and databases (no content).

Sample custom role with the minimal privileges Thoropass requires:

-- Step 1: Create a Read-Only Security Role (if not already created)
CREATE ROLE IF NOT EXISTS security_scan_readonly;

-- Step 2: Grant Access to ACCOUNT_USAGE for User & Role Metadata
-- SNOWFLAKE is a shared (imported) database: Snowflake rejects individual USAGE/SELECT
-- grants on it, so access is granted with IMPORTED PRIVILEGES. This covers every schema
-- in the SNOWFLAKE database, including ACCOUNT_USAGE.
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE security_scan_readonly;

-- Step 3: Grant Access to INFORMATION_SCHEMA for Role Configuration Details
-- Snowflake bulk grants are scoped to a database or schema, not the whole account.
-- Repeat Steps 3 and 4 for each database; <DATABASE_NAME> is a placeholder.
GRANT USAGE ON DATABASE <DATABASE_NAME> TO ROLE security_scan_readonly;
GRANT USAGE ON ALL SCHEMAS IN DATABASE <DATABASE_NAME> TO ROLE security_scan_readonly;
GRANT SELECT ON ALL VIEWS IN DATABASE <DATABASE_NAME> TO ROLE security_scan_readonly;

-- Step 4: Grant Future Access to Ensure Metadata Availability
GRANT SELECT ON FUTURE VIEWS IN DATABASE <DATABASE_NAME> TO ROLE security_scan_readonly;

-- Step 5: Assign Role to a Security Scanning User
GRANT ROLE security_scan_readonly TO USER <SECURITY_SCAN_USER>;
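
To confirm that the integration user is not an admin and that the role stayed read-only, the grants can be audited after setup. The queries below are an added example, not part of the Thoropass or Truto guides; they assume the role name from the sample above, and `<SECURITY_SCAN_USER>` is the same placeholder.

```sql
-- Added example: post-setup verification queries (not from the original guide).

-- Check 1: list anything on the role that is not a read-only privilege,
-- plus any other role granted to it (inherited roles bring their own privileges).
SHOW GRANTS TO ROLE security_scan_readonly;
SELECT "privilege", "granted_on", "name"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "privilege" NOT IN ('USAGE', 'SELECT', 'IMPORTED PRIVILEGES')
   OR "granted_on" = 'ROLE';
-- Any row returned here is a grant to review and, if unneeded, revoke.

-- Check 2: list administrative system roles granted directly to the integration user.
SHOW GRANTS TO USER <SECURITY_SCAN_USER>;
SELECT "role", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "role" IN ('ACCOUNTADMIN', 'SECURITYADMIN', 'SYSADMIN', 'USERADMIN', 'ORGADMIN');
-- Any row returned here means the user holds an admin role and should not be
-- used for the integration as-is.
```

Each `SELECT` must run immediately after its `SHOW` statement in the same session, because `RESULT_SCAN(LAST_QUERY_ID())` reads the output of the previous query.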