'Snowflake and Google Authentication Limitations

I just set up my snowflake instance to use google auth. I can log in with my google account, query tables, create roles, etc... Today I ran into an issue (two of them actually).

I run this script

SET ROLE ACCOUNTADMIN;
CREATE WAREHOUSE IF NOT EXISTS joe;

When I am logged in with my Google Account, I get the error message: SQL access control error: Insufficient privileges to operate on account 'XXX99999'

When I am logging in with my Snowflake native account, it works. Both accounts have the ACCOUNTADMIN role and are using it.

This is all in the classic interface. When trying to switch over to Snowsight, my google account cannot login in. I click the [Authenticate with Google] and the screen refreshes, no error, but not now the button is disabled.

snowflake-cloud-data-platform


Solution 1:[1]

Please use the below scripts to create warehouse. You need to use role instead of set role.

use ROLE ACCOUNTADMIN; //To use accountadmin role

CREATE WAREHOUSE IF NOT EXISTS joe_wh; //to creare warehouse

To use SSO based login with Snowsight, Please migrate to advanced SAML as per

https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-advanced.html#migrating-to-a-saml2-security-integration

Solution 2:[2]

For the first error, the reason is that the user does not have any roles that has the privileges on the account where the operation is being done. To overcome that you need to assign the right set of roles to the user coming from Google IDP.

Please check the following documentation which details the levels for each of the database objects that requires privileges: https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html#syntax

For the second issue, which button is disabled "Snowsight" which is listed from Classic UI?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Md Aurangzeb
Solution 2 Srinath Menon

Related Questions

HHH000339: Could not obtain connection metadata net.snowflake.client.jdbc.SnowflakeLoggedFeatureNotSupportedException

Easter / Good Friday for Sowflake Date Dim

How to Connect with Dbeaver on Snowflake (DUO Push)

OperationalError: 250003: Failed to get the response. Hanging? method: post

How to parse the following JSON to retrieve the name of the item in snowflake sql?

converting string to date using TO_DATE for MM/DD/YY gives wrong values for dates before 1970 [snowflake-cloud-data-platform]

Execute Multiple SQL Insert Statements in parallel in Snowflake

Unpivot multiple columns in Snowflake

Translating an Excel concept into SQL

Error while working on Automation Grant Access to database views / tables in snowflake schema

Why isn't snowsql opening an external browser?

Snowpark connection errors with 0.6.0 jar

Snowflake-Jitterbit Connector Error: net.snowflake.client.jdbc.SnowflakeSQLException: No active warehouse selected in the current session

How to delete Duplicate records in snowflake database table

How to get count of tables present in a particular schema in snowflake?