Snowflakecloud~5 mins

Reader accounts for non-Snowflake users - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes, you want to share your Snowflake data with people or systems that do not have their own Snowflake accounts. Reader accounts let you do this by creating a special account that can only read the shared data without needing a full Snowflake license.

When you want to share data securely with a partner who does not have a Snowflake account.

When you need to provide read-only access to your data for auditing purposes without giving full access.

When a client or vendor needs to query your data but you want to control and limit their access.

When you want to avoid the cost and complexity of creating full Snowflake accounts for external users.

When you want to track usage and billing separately for shared data access.

Config File - create_reader_account.sql

create_reader_account.sql

CREATE READER ACCOUNT my_reader_account
  ADMIN_NAME = 'reader_admin'
  ADMIN_PASSWORD = 'StrongPassw0rd!'
  DEFAULT_WAREHOUSE = 'COMPUTE_WH'
  DEFAULT_NAMESPACE = 'SHARED_DB.PUBLIC';

-- Grant usage on shared database
GRANT IMPORTED PRIVILEGES ON DATABASE SHARED_DB TO READER ACCOUNT my_reader_account;

This SQL script creates a reader account named my_reader_account with an admin user and password. It sets a default warehouse and namespace for queries. The last command grants the reader account permission to use the shared database SHARED_DB. This setup allows the reader account to access shared data securely without full Snowflake user privileges.

Commands

This command runs the SQL script to create the reader account and grant it access to the shared database. It uses the SnowSQL CLI connected as the admin user.

Terminal

snowsql -a myaccount -u admin -f create_reader_account.sql

Expected OutputExpected

Connecting to Snowflake... SQL execution successful. 2 statements executed.

→

-a - Specifies the Snowflake account to connect to.

→

-u - Specifies the username to connect as.

→

-f - Runs the SQL commands from the specified file.

This command logs into the newly created reader account using its admin user. It sets the default warehouse, database, and schema to query the shared data.

Terminal

snowsql -a myaccount -u reader_admin -w COMPUTE_WH -d SHARED_DB -s PUBLIC

Expected OutputExpected

Connecting to Snowflake... Welcome to Snowflake. You are now connected as reader_admin to database SHARED_DB, schema PUBLIC.

→

-w - Sets the default warehouse for queries.

→

-d - Sets the default database.

→

-s - Sets the default schema.

This command queries the first 5 rows from a shared table using the reader account to verify access.

Terminal

SELECT * FROM shared_table LIMIT 5;

Expected OutputExpected

ID | NAME | VALUE ---+---------+------- 1 | Alice | 100 2 | Bob | 200 3 | Charlie | 300 4 | Diana | 400 5 | Evan | 500

Key Concept

If you remember nothing else from this pattern, remember: Reader accounts let you share Snowflake data securely with users who do not have their own Snowflake accounts by giving them read-only access through a special managed account.

Common Mistakes

Trying to create a reader account without specifying an admin user and password.

Snowflake requires an admin user for the reader account to manage access and authentication.

Always specify ADMIN_NAME and ADMIN_PASSWORD when creating a reader account.

Not granting usage privileges on the shared database to the reader account.

Without these privileges, the reader account cannot access the shared data.

Use GRANT IMPORTED PRIVILEGES ON DATABASE to give the reader account access.

Trying to run queries on the reader account without setting the default warehouse or database.

Queries will fail because the reader account does not know where to run or what data to access.

Set default warehouse, database, and schema when connecting with the reader account.

Summary

Create a reader account with an admin user and password to enable secure data sharing.

Grant the reader account usage privileges on the shared database to allow data access.

Connect to the reader account with proper defaults and run queries to verify access.