Snowflake Resources

Rime manages your Snowflake account infrastructure through a visual interface. You configure databases, schemas, warehouses, roles, and grants in the UI, and Rime provisions them using Terraform internally. You never write or see HCL — Rime handles the full lifecycle from creation through modification to teardown.

All Snowflake resource changes go through the plan/apply workflow, so you can review what will change before anything is applied.

Connecting your Snowflake account

Before creating resources, connect Rime to your Snowflake account. Navigate to Project Settings > Snowflake Connection and provide:

  • Account identifier — your Snowflake account locator (e.g., xy12345.ap-southeast-2)
  • Authentication method — password or key pair. Key pair authentication is recommended for production use
  • Username — the Snowflake user Rime will authenticate as. This user must have the ACCOUNTADMIN role or a custom role with equivalent privileges for resource provisioning

Rime encrypts all credentials at rest using AES-256-GCM. Credentials are never stored in plaintext.

Creating resources

To create a Snowflake resource, navigate to Infrastructure > Resources and select Add Resource. Choose a resource type from the list:

  • Database
  • Schema
  • Warehouse
  • Role
  • Grant

Each resource type has its own configuration form. After filling in the required fields, select Save. The resource is added to your desired state but is not yet provisioned. To apply the change, go to Infrastructure > Changes and run a plan/apply cycle.

Databases

A database is the top-level container for your data in Snowflake. When creating a database, configure:

  • Name — must be unique within your Snowflake account. Rime enforces uppercase naming to match Snowflake conventions
  • Comment — an optional description that appears in Snowflake’s SHOW DATABASES output
  • Data retention (days) — the Time Travel retention period, from 0 to 90 days. Defaults to 1. Higher values consume more storage but allow longer recovery windows
  • Transient — if enabled, the database does not have a Fail-safe period, reducing storage costs at the expense of disaster recovery. Suitable for staging or ephemeral data

Most organisations start with three databases:

| Database | Purpose |
| --- | --- |
| RAW | Landing zone for extracted data. Snowpipe loads data here. |
| TRANSFORM | Staging, dimension, fact, and mart tables produced by dbt. |
| ANALYTICS | Read-only views or clones exposed to analysts and BI tools. |

You can create additional databases for development or testing environments.

Schemas

A schema organises tables within a database. When creating a schema, configure:

  • Database — the parent database (selected from your existing databases)
  • Name — must be unique within the parent database
  • Comment — optional description
  • Managed access — if enabled, only the schema owner (and ACCOUNTADMIN) can grant privileges on objects within the schema. This is recommended for production schemas that hold sensitive data

Rime automatically creates schemas for connectors and dbt models when you configure extraction sources and transformation projects.

Warehouses

A warehouse is a compute cluster that runs queries. Warehouse configuration has the most significant cost impact of any Snowflake resource.

Configuration options

| Option | Description | Default |
| --- | --- | --- |
| Name | Warehouse identifier | Required |
| Size | Compute capacity: X-Small through 6X-Large. Each step up doubles compute and cost | X-Small |
| Auto-suspend (seconds) | Idle time before the warehouse suspends. Lower values reduce cost; higher values avoid cold-start latency | 300 |
| Auto-resume | Whether the warehouse starts automatically when a query arrives. Nearly always enabled | Yes |
| Min clusters | Minimum number of clusters for multi-cluster warehouses | 1 |
| Max clusters | Maximum number of clusters. Set higher than min to enable auto-scaling | 1 |
| Scaling policy | How quickly clusters scale. Standard adds clusters when queries queue. Economy waits longer to reduce cost | Standard |
| Comment | Optional description | |

Sizing guidance

Start with X-Small for development and Small or Medium for production workloads. Monitor query performance in Rime’s monitoring dashboard and resize as needed. Increasing warehouse size is a non-disruptive change — Rime applies it through the normal change management workflow without downtime.

For workloads with variable concurrency (e.g., end-of-month reporting spikes), set max clusters higher than min clusters and use the Standard scaling policy. The Economy policy is better suited for cost-sensitive workloads that can tolerate longer queue times.

| Warehouse | Purpose | Typical size |
| --- | --- | --- |
| LOADING_WH | Snowpipe ingestion and connector loads | X-Small |
| TRANSFORM_WH | dbt model execution | Small to Medium |
| ANALYTICS_WH | Analyst queries and BI tool connections | Medium |
| ADMIN_WH | Rime administration tasks | X-Small |

Separating workloads into distinct warehouses prevents a heavy transformation job from blocking analyst queries, and allows independent sizing and cost attribution.

Roles

Rime manages Snowflake roles and their hierarchy. When creating a role, configure:

  • Name — the role identifier
  • Comment — optional description
  • Parent role — the role that this new role is granted to. This establishes the role hierarchy: a parent role inherits all privileges of its children

Role hierarchy

Snowflake uses a hierarchical role model. A typical hierarchy managed through Rime looks like:

ACCOUNTADMIN
└── SYSADMIN
    ├── LOADER_ROLE (used by connectors and Snowpipe)
    ├── TRANSFORMER_ROLE (used by dbt)
    └── ANALYST_ROLE (used by BI tools and analysts)

Each child role has only the privileges it needs. The parent inherits those privileges, so SYSADMIN can access everything its children can, but ANALYST_ROLE cannot access LOADER_ROLE objects.

Rime enforces this hierarchy when you configure grants. You cannot grant privileges that would violate the hierarchy or create circular role references.

Grants

Grants control which roles can access which resources. Rather than running GRANT statements manually in Snowflake, you configure grants through the Rime UI.

To add a grant, navigate to the role detail page and select Add Grant. Choose:

  • Privilege — the permission to grant (e.g., USAGE, SELECT, CREATE TABLE, ALL)
  • Resource type — what the privilege applies to (database, schema, warehouse, or table)
  • Resource — the specific resource to grant access to

Common grant patterns:

| Role | Privilege | On | Resource |
| --- | --- | --- | --- |
| LOADER_ROLE | USAGE | Database | RAW |
| LOADER_ROLE | CREATE TABLE | Schema | RAW.PUBLIC |
| TRANSFORMER_ROLE | SELECT | Database | RAW |
| TRANSFORMER_ROLE | ALL | Database | TRANSFORM |
| ANALYST_ROLE | USAGE | Warehouse | ANALYTICS_WH |
| ANALYST_ROLE | SELECT | Database | ANALYTICS |

Rime tracks grants as part of your desired state. Adding or removing a grant produces a change that goes through the plan/apply workflow like any other infrastructure modification.
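The inheritance rule from the Role hierarchy section, applied to the common grant patterns above, as an added example that is not Rime's own code. It assumes one parent per role, as in the role form; all function and variable names are hypothetical.

```python
# Added illustration; names and data layout are hypothetical, not Rime's code.
# Child role -> the parent role it is granted to (one parent, as in the role form).
GRANTED_TO = {
    "SYSADMIN": "ACCOUNTADMIN",
    "LOADER_ROLE": "SYSADMIN",
    "TRANSFORMER_ROLE": "SYSADMIN",
    "ANALYST_ROLE": "SYSADMIN",
}
# Direct grants from the "Common grant patterns" table: (privilege, on, resource).
DIRECT_GRANTS = {
    "LOADER_ROLE": {("USAGE", "Database", "RAW"),
                    ("CREATE TABLE", "Schema", "RAW.PUBLIC")},
    "TRANSFORMER_ROLE": {("SELECT", "Database", "RAW"),
                         ("ALL", "Database", "TRANSFORM")},
    "ANALYST_ROLE": {("USAGE", "Warehouse", "ANALYTICS_WH"),
                     ("SELECT", "Database", "ANALYTICS")},
}

def find_cycle(granted_to):
    """Return the roles forming a circular reference, or None if acyclic."""
    for start in granted_to:
        path, role = [start], granted_to.get(start)
        while role is not None:
            if role in path:
                return path[path.index(role):] + [role]
            path.append(role)
            role = granted_to.get(role)
    return None

def set_parent(child, parent, granted_to):
    """Return a new hierarchy with child granted to parent; reject cycles."""
    proposed = {**granted_to, child: parent}
    cycle = find_cycle(proposed)
    if cycle:
        raise ValueError("circular role reference: " + " -> ".join(cycle))
    return proposed

def effective_grants(role, granted_to, direct):
    """Direct grants of role plus those inherited from all descendant roles."""
    grants, frontier, seen = set(), [role], {role}
    while frontier:
        current = frontier.pop()
        grants |= direct.get(current, set())
        for child, parent in granted_to.items():
            if parent == current and child not in seen:
                seen.add(child)
                frontier.append(child)
    return grants
```

The model covers only the grants listed in the table; privileges that Snowflake gives its system roles by default are outside it.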

How Rime provisions resources

When you configure a resource in the UI, Rime stores it as desired state in your project. When you apply changes:

  1. Rime generates Terraform configuration from your desired state
  2. Terraform compares the generated configuration against its state file (the actual state of your Snowflake account)
  3. Rime presents a change preview showing what will be created, modified, or destroyed
  4. On approval, Terraform applies the changes to your Snowflake account
  5. Rime updates the actual state to reflect what was provisioned

This two-phase workflow ensures you always review changes before they take effect. If something goes wrong, you can view the operation history and roll back. See Change Management for the full workflow.

Drift detection

Rime periodically compares the actual state of your Snowflake resources against the desired state you configured. If someone modifies a resource directly in Snowflake (outside Rime), the platform detects the drift and alerts you. See Drift Detection for details on how reconciliation works and your options for resolving discrepancies.

Next steps