Snowflake integration: service user authentication and RBAC scoping

Unthread connects to Snowflake using a dedicated Snowflake service user (for example, UNTHREAD_SVC).

Authentication

The Snowflake connection uses a username and key for authentication.

Permission scoping (read-only vs. read-write)

You can enforce the integration’s access using standard Snowflake RBAC restrictions.

• You can set read-only or read-write permissions.
• You can scope permissions on a per-table or per-schema basis.

Recommended least-privilege approach

To minimize access, grant the service user write permissions only to the specific tables you want Unthread to write to.

With this approach, the service user would not be able to read or write anything else.