Overview
Integrating Snowflake and MaestroQA allows for customers to export data from MaestroQA and import data into MaestroQA.
To do this you will need to be an Admin in MaestroQA with access to the Integrations page. Then underneath the Data Export locate Snowflake:
For information on what can be exported to Snowflake, check this Data Dictionary. For information on the data ingestion process, check this Help Article.
Setup Steps
1. Securing Database Access
Before creating database objects, you'll need to allow MaestroQA's IP addresses to connect to your Snowflake instance.
List of IPs to allow will be visible in the first step of the Snowflake integration process but if you are unable to locate them contact your main POC at MaestroQA.
Important: Without proper network access configuration, the connection will fail even with correct credentials.
2. Create Database and Schema
First, create a dedicated database for MaestroQA data (or skip this step if using an existing database):
CREATE DATABASE MAESTRO_DB;
Create a schema within the database:
CREATE SCHEMA MAESTRO;
3. Create Service User
Create the MaestroQA service user and configure RSA key authentication:
CREATE USER MAESTRO_USER; ALTER USER MAESTRO_USER SET RSA_PUBLIC_KEY='<MAESTROQA_PUBLIC_KEY>';
MaestroQA's Public Key is accessible in the second step of the Snowflake Integration process else if you are unable to locate it there, reach out to your main POC at Maestro!
4. Configure Role and Permissions
Create a role for MaestroQA operations:
CREATE ROLE MAESTRO_ROLE;
Grant the necessary permissions:
CREATE ROLE MAESTRO_ROLE;
REVOKE ALL PRIVILEGES ON DATABASE MAESTRO_DB FROM MAESTRO_ROLE;
GRANT USAGE ON DATABASE MAESTRO_DB TO MAESTRO_ROLE;
GRANT USAGE ON WAREHOUSE <your_warehouse_name> TO MAESTRO_ROLE;
GRANT ROLE MAESTRO_ROLE TO USER MAESTRO_USER;
GRANT ALL ON SCHEMA maestro TO MAESTRO_ROLE;
GRANT OWNERSHIP ON SCHEMA maestro TO ROLE MAESTRO_ROLE;
-- the below operation is only needed if you don't have "auto resume" enabled on the warehouse
GRANT OPERATE ON WAREHOUSE <your_warehouse_name> TO MAESTRO_ROLE;
Important Notes
Warehouse Name: Replace
<your_warehouse_name>with your actual Snowflake warehouse nameAuto-Resume: The
GRANT OPERATEcommand is only needed if your warehouse doesn't have auto-resume enabledSecurity: Contact your MaestroQA implementation team for the current RSA public key
Next Steps
After completing this setup, you'll need to configure the MaestroQA connection using these values:
Connection Configuration
When filling out the MaestroQA Snowflake connection form, use these values from your setup:
Field | Value |
Account | Your Snowflake account identifier |
Cloud Region ID | Your Snowflake region (e.g., |
User |
|
Warehouse |
|
Database |
|
Schema |
|
User Role |
|
Final Steps
Ensure MaestroQA has provided you with their current RSA public key
Enter the connection details in MaestroQA's interface
Test the connection to verify everything is working correctly
Troubleshooting
Common Issues That Cause Connection Failures
Case Sensitivity Problems:
Snowflake object names are case-sensitive when quoted, case-insensitive when unquoted
Our commands create unquoted objects (stored as UPPERCASE)
If the connection form is case-sensitive, use:
MAESTRO_USER,MAESTRO_DB,MAESTRO,MAESTRO_ROLE
Account Identifier Format:
Use format:
account_name.regionororgname-account_nameDon't include:
https://,.snowflakecomputing.com, or other URL componentsExample:
abc12345.us-east-1nothttps://abc12345.us-east-1.snowflakecomputing.com
Warehouse Issues:
Warehouse must be running or have auto-resume enabled
User needs
USAGEpermission (granted in setup)If auto-resume is disabled, user needs
OPERATEpermission (conditional in our setup)
Network Access:
Check if all IPs are being whitelisted
Network policies apply at account level and can override other permissions
VPN/proxy configurations may require additional IP ranges
Role Assignment:
The user's default role might not be
MAESTRO_ROLEConnection may need to explicitly specify the role
Role inheritance can cause unexpected permission issues