Manage Direct Data Access Users
To manage users and assign roles for Direct Data Access (DDA), a user must have the USERADMIN role. This role is automatically assigned to the first user in a Snowflake account.
To access and view shared analytics data, the user also needs the SHARE_USER role.
Create a new user
- Log in to your Snowflake account using an account provided by N-able.
- Navigate to Project > Worksheets and open or create an SQL worksheet.
- Switch to the USERADMIN role using the role selector in the bottom-left panel.
- Paste and run the SQL commands to create the user, updating any placeholder values (e.g. USERNAME, PASSWORD, LOGIN_NAME, EMAIL).
CREATE USER IF NOT EXISTS "USERNAME"
PASSWORD = 'PASSWORD'
LOGIN_NAME = 'LOGIN_NAME' -- optional
EMAIL = 'EMAIL'
MUST_CHANGE_PASSWORD = TRUE
TYPE = PERSON;
Key Properties:
- PASSWORD: Must be enclosed in single or double quotes. If omitted, the user cannot log in until a password is set.
- LOGIN_NAME: (optional) Must be unique across the account and is case-sensitive.
- EMAIL: Email address for the user.
- MUST_CHANGE_PASSWORD: If TRUE, the user must change their password on first login.
- TYPE: Defines the user type:
  - PERSON: Human user.
  - SERVICE: Non-human service or application.
  - LEGACY_SERVICE: Non-interactive integration with support for password/SAML.
  - NULL: Default; behaves like PERSON.
- Once complete, share the credentials with the user, including their temporary password and the URL to access their account, and make sure they connect from an IP address on the allow list.
Assigning roles for user management and data access
If a newly created user requires user management privileges, you can grant the USERADMIN role using:
GRANT ROLE USERADMIN TO USER <username>;
However, if the user only needs access to shared analytics data, assign the SHARE_USER role:
GRANT ROLE SHARE_USER TO USER <username>;
Temporarily locking or disabling a user
As circumstances change, it may be necessary to temporarily restrict a user's access to Direct Data Access. Disabling or locking a user immediately aborts any active queries, prevents new ones from being initiated, and blocks future logins. This is the recommended approach for temporarily suspending a user without deleting their account, as it preserves existing role grants and user metadata.
ALTER USER "USERNAME" SET DISABLED = TRUE;
Permanently deleting or dropping a user
When you're certain the account is no longer needed, you may choose to permanently delete a user. This action is irreversible and may result in loss of access to associated worksheets, dashboards, and other user-owned assets.
Before proceeding, review the last login entry in the Users view to help determine whether the account is still in use.
DROP USER IF EXISTS "USERNAME";
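The review described above, written out as a worksheet sequence. This is an added example, not taken from the N-able or Snowflake documentation. "USERNAME" is the same placeholder used above. It assumes the active role owns the user (as USERADMIN does for users it created) and that a warehouse is selected for the SELECT.

```sql
-- Added example: review an account before dropping it.
-- "USERNAME" is a placeholder; replace it with the user under review.
USE ROLE USERADMIN;

-- 1. Suspend first. This is reversible and keeps role grants intact.
ALTER USER "USERNAME" SET DISABLED = TRUE;

-- 2. Pull the user's row, then query the SHOW output as a table.
--    SHOW column names are lowercase, so they must be double-quoted.
SHOW USERS LIKE 'USERNAME';

SELECT
    "name",
    "login_name",
    "email",
    "disabled",
    "last_success_login",
    DATEDIFF('day', "last_success_login", CURRENT_TIMESTAMP()) AS days_since_login
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()));
-- A NULL last_success_login means the user has never logged in.

-- 3. Record which roles the user holds (for example USERADMIN or SHARE_USER)
--    in case the account has to be recreated later.
SHOW GRANTS TO USER "USERNAME";

-- 4a. If the account turns out to be needed, re-enable it:
-- ALTER USER "USERNAME" SET DISABLED = FALSE;

-- 4b. Otherwise remove it permanently:
DROP USER IF EXISTS "USERNAME";
```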