(Glue-2411) Snowflake Prerequisites

Owned by SNP
yesterday at 10:36 am
2 min read

High-level summary of necessary steps (more details in Snowflake documentation):

SAP Basis/Infrastructure tasks:

SAP Basis team:

  1. Java Connector: (SM-Latest) Java Connector Setup

    1. Creation of SNP_JAVA_CONNECTOR RFC:

      1. Connection type: TCP/IP Connection.

      2. Activation type: Registered Server Program.

      3. Fill in Program ID (e.g.): SNP_JAVA_CONNECTOR.

    2. Creation of Technical SAP user for ABAP->JCO RFC Communication:

      1. In transport, you are provided with a template role with name /DVD/JCORFC (if you use this role, do not forget to generate the profile in transaction PFCG).

      2. Create System user, with role /DVD/JCORFC.

    3. Granting access for external program SNP_JAVA_CONNECTOR to SAP gateway

      1. Check SMGW > GoTo > Expert Functions > External Security > Maintenance of ACL files > Tab Reginfo and make sure that Program Name is allowed to register (either via wildcard rule or explicit ProgramID; example: “P TP=SNP_JAVA_CONNECTOR HOST=127.0.0.1”).

  2. Uploading Snowflake JDBC driver to the operating system of the application server:

    1. Snowpipe connection (logic utilizing staging area):

      1. Central Repository: net/snowflake/snowflake-jdbc (The recommendation is to use the newest version of the driver).

    2. Snowpipe streaming connection:

      1. Central Repository: net/snowflake/snowflake-jdbc (The recommendation is to use the newest version of the driver),

      2. Maven Repository: net.snowflake » snowflake-ingest-sdk (The recommendation is to use the latest version of the SDK).

 

Networking team:

  1. Enabling outbound communication from the SAP system to Snowflake

To enable communication between SAP systems and the Snowflake environment, a set of hosts/ports related to your Snowflake account needs to be reachable from the SAP system.
Please refer to the Allowlist output generated by the Snowflake team.

 

Snowflake team:

  1. Snowflake storage: (SM-Latest) Snowflake

    1. Creation of Snowflake database, warehouse, and schema (refer to Snowflake Documentation)

    2. Creation of Snowflake technical role and user with necessary authorizations

      1. The recommended privilege for the Snowflake technical user is OWNERSHIP of the Snowflake database.

      2. The minimal requirements are:

        1. GRANT ALL ON DATABASE <DATABASE> TO ROLE <ROLE>

        2. GRANT USAGE ON WAREHOUSE <WAREHOUSE> TO ROLE <ROLE>

        3. GRANT ALL ON SCHEMA <SCHEMA> TO ROLE <ROLE>

  2. Executing SELECT SYSTEM$ALLOWLIST(); or SELECT SYSTEM$ALLOWLIST_PRIVATELINK(); generates .csv file with a list of hosts and ports involved in the communication.
    All communication is outbound from the SAP perspective. Pass generated output to the networking team.

    Reference to Snowflake documentation: SnowCD (Connectivity Diagnostic Tool) | Snowflake Documentation.