Skip to main content
Snowflake is the typical source for analytics-shaped agents — the ones running ad-hoc SQL, filling dashboards, or building exports. These agents touch the widest column surface of any class, which makes intent governance most valuable here.

Why it matters

A Snowflake-connected analytics agent often has SELECT on dozens of schemas. Without governance, every prompt is “the agent might touch anything.” With Inviolet, each query carries an intent label, a purpose match, and (Ultraviolet tier) a column allowlist enforced at the database proxy.

1. Create a service account + role

USE ROLE SECURITYADMIN;
CREATE USER INVIOLET_SVC PASSWORD = '<rotate>' DEFAULT_ROLE = 'INVIOLET_RO';
CREATE ROLE INVIOLET_RO;
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE INVIOLET_RO;
GRANT USAGE ON DATABASE ANALYTICS TO ROLE INVIOLET_RO;
GRANT USAGE ON SCHEMA ANALYTICS.SALES TO ROLE INVIOLET_RO;
GRANT SELECT ON ALL TABLES IN SCHEMA ANALYTICS.SALES TO ROLE INVIOLET_RO;
GRANT ROLE INVIOLET_RO TO USER INVIOLET_SVC;

2. Add the data source in Inviolet

App dashboard → Data Sources → Add → Snowflake. Paste:
  • Account identifier (e.g., xy12345.us-east-1)
  • Username (INVIOLET_SVC) + password
  • Warehouse, default database, default role (INVIOLET_RO)
Inviolet performs a test query and lists the schemas it can see.

3. Run a query through the gateway

import { InViolet } from "@inviolet/sdk"

const inviolet = new InViolet({ apiKey: process.env.INVIOLET_API_KEY! })

const decision = await inviolet.intent.evaluate({
  userId: "analyst_42",
  toolCall: {
    name: "run_sql",
    arguments: {
      query: "SELECT region, SUM(amount) FROM ANALYTICS.SALES.OPPORTUNITIES GROUP BY 1",
    },
  },
  dataSourceId: "snowflake_prod",
})
The intent_class typically returns reporting or analysis for analytics queries. The matched purpose tells you which dashboard / export this query belongs to.

4. Verify

After connection, the query pattern map fills with Snowflake-shaped events. Look for surprises: schemas your agents touch that you didn’t realize they could.