(Glue-2411) Snowflake Prerequisites

Owned by SNP
Nov 20, 2024
2 min read

High-level summary of necessary steps (more details in Snowflake documentation):

SAP Basis/Infrastructure tasks:

SAP Basis team:

  1. Java Connector: (SM-Latest) Java Connector Setup

    1. Creation of SNP_JAVA_CONNECTOR RFC:

      1. Connection type: TCP/IP Connection.

      2. Activation type: Registered Server Program.

      3. Fill in Program ID (e.g.): SNP_JAVA_CONNECTOR.

    2. Creation of Technical SAP user for ABAP->JCO RFC Communication:

      1. In transport, you are provided with a template role with name /DVD/JCORFC (if you use this role, do not forget to generate the profile in transaction PFCG).

      2. Create System user, with role /DVD/JCORFC.

    3. Granting access for external program SNP_JAVA_CONNECTOR to SAP gateway

      1. Check SMGW > GoTo > Expert Functions > External Security > Maintenance of ACL files > Tab Reginfo and make sure that Program Name is allowed to register (either via wildcard rule or explicit ProgramID; example: “P TP=SNP_JAVA_CONNECTOR HOST=127.0.0.1”).

  2. Uploading Snowflake JDBC driver to the operating system of the application server:

    1. Snowpipe connection (logic utilizing staging area):

      1. Central Repository: net/snowflake/snowflake-jdbc (The recommendation is to use the newest version of the driver).

    2. Snowpipe streaming connection:

      1. Central Repository: net/snowflake/snowflake-jdbc (The recommendation is to use the newest version of the driver),

      2. https://mvnrepository.com/artifact/net.snowflake/snowflake-ingest-sdk (The recommendation is to use the latest version of the SDK).

 

Networking team:

  1. Enabling outbound communication from the SAP system to Snowflake

To enable communication between SAP systems and the Snowflake environment, a set of hosts/ports related to your Snowflake account needs to be reachable from the SAP system.
Please refer to the Allowlist output generated by the Snowflake team.

 

Snowflake team:

  1. Snowflake storage: (SM-Latest) Snowflake

    1. Creation of Snowflake database, warehouse, and schema (refer to https://docs.snowflake.com/en/index.html)

    2. Creation of Snowflake technical role and user with necessary authorizations

      1. The recommended privilege for the Snowflake technical user is OWNERSHIP of the Snowflake database.

      2. The minimal requirements are:

        1. GRANT ALL ON DATABASE <DATABASE> TO ROLE <ROLE>

        2. GRANT USAGE ON WAREHOUSE <WAREHOUSE> TO ROLE <ROLE>

        3. GRANT ALL ON SCHEMA <SCHEMA> TO ROLE <ROLE>

  2. Executing SELECT SYSTEM$ALLOWLIST(); or SELECT SYSTEM$ALLOWLIST_PRIVATELINK(); generates .csv file with a list of hosts and ports involved in the communication.
    All communication is outbound from the SAP perspective. Pass generated output to the networking team.

    Reference to Snowflake documentation: https://docs.snowflake.com/en/user-guide/snowcd.