Permissions for Snowflake AI models
This reference covers the privileges the Atlan service account needs to crawl AI models and extract lineage from the Snowflake Model Registry, what each privilege enables, and how to grant it.
For standard Snowflake connector permissions, see Set up Snowflake.
Base privileges
These privileges are required for Atlan to connect to Snowflake and query model metadata. They apply in addition to standard connector permissions.
| Privilege | Scope | What it enables |
|---|---|---|
USAGE | Warehouse | Required to execute any query. Atlan uses the warehouse to run all metadata extraction and lineage queries. |
USAGE | Database containing models | Required to access the database where the Model Registry resides. Without this, the database is inaccessible. |
USAGE | Schema containing models | Required to access schemas within the database. Without this, models within a schema can't be listed or queried. |
USAGE | INFORMATION_SCHEMA | Required to query INFORMATION_SCHEMA.MODEL_VERSIONS, which Atlan uses to enumerate registered models. |
SELECT | Tables and views | Required to resolve lineage relationships. Atlan confirms that upstream tables and views referenced by GET_LINEAGE() exist and maps them as assets. |
Model privileges
The USAGE privilege on each model object is required for two independent reasons:
| Reason | What happens without it |
|---|---|
INFORMATION_SCHEMA.MODEL_VERSIONS only returns models that the querying role has USAGE on | Models without this grant are invisible to the crawler—they're silently excluded from the crawl results |
SNOWFLAKE.CORE.GET_LINEAGE() requires USAGE on the model to resolve its upstream dependencies | Lineage extraction is silently skipped for that model version |
Both model crawling and lineage extraction fail silently when USAGE is missing on a model—there is no error, the model is simply omitted.
See also
- Crawl Snowflake AI models: Configure the crawler to discover and catalog AI models.