Manage Snowflake Reader Account

The Snowflake reader account is created for an individual Coveo organization, and therefore only contains UA data related to that organization. Access to the Snowflake reader account for user or service accounts is managed through the Coveo Administration Console. By default, this access is IP-restricted, therefore an administrator with the required privileges can manage access by creating user accounts and adding allowed IP addresses.


The reader account feature is meant for clients who don’t have a Snowflake account. By creating a reader account through the Coveo Administration Console, you can access your data through the Snowflake portal.

Manage Your Reader Account

On the Raw Data (platform-eu | platform-au) page of the Coveo Administration Console, click the Snowflake Access tab, and then click the Reader Account subtab.

If you don’t yet have a reader account, click Create Snowflake Reader Account. Your organization data is automatically provisioned to create the account.

Add or Edit Users

  1. In the Snowflake Users section, click Add User.

  2. In the Add User panel that appears:

    Add User
    1. Enter the desired user name and email.

    2. (Optional) If you’re granting temporary access to the user, select the Provide temporary access check box.

      1. In the list that appears, select the applicable time frame.

      2. If you select Ends on specific date, select the desired date from the drop-down calendar that appears.

    3. Click Add.

Snowflake users aren’t the same as members of your Coveo organization; they can be either user or service accounts. Once added, a link is sent to the corresponding email address so that the user may set their password. The link is valid for four hours. After the password is set, they must use an allowed IP address in order to access the reader account.


Following the user setup, we strongly recommend that users enrol in Snowflake’s Multi-Factor Authentication (MFA) for an additional level of security. This feature provides an additional form of authentication during login. For information on how to enable MFA, see Enrolling in MFA (Multi-Factor Authentication).

Add or Block IP Addresses

  1. In the Snowflake Network Policy section, click Edit policy.

  2. Under Allowed IP Addresses, enter the IP addresses that you want to allow.

  3. Under Blocked IP Addresses, enter the IP addresses you want to block.

  4. Click Save.

  • Only public IP addresses can be allowed in the Snowflake Network Policy.

  • All IP addresses are blocked by default, therefore adding addresses to Blocked IP Addresses lets you block specific addresses within an allowed range.

    For example, you add 127.0. 0.1/24 to Allowed IP Addresses . This allows every IP address that starts with "127.0. 0". However, you want to block 127.0. 0.100 and 127.0. 0.200 which fall within that range, therefore you must add them to Blocked IP Addresses.

Snowflake Credits

In the Snowflake Reader Account tab of the Raw Data (platform-eu | platform-au) page, the Snowflake Credits resource monitor displays the monthly credit consumption for the reader account. As an authenticated administrator, you can view the amount of credits remaining based on your account’s consumption for the current month. The credit consumption is determined by the usage of the reader account’s warehouse.

Snowflake Credits

The default size for a warehouse assigned to a reader account is small. For more information regarding warehouse sizes and their respective credit limits, see Virtual Warehouse Credit Usage.

A reader account that’s linked to a Coveo organization is automatically assigned a customer_wh warehouse. The warehouse is required to execute SQL queries. The credits consumed by the warehouse count toward your monthly limit.

Actions Credit consumption

Viewing dashboards and reports, and generating CSV exports in the Administration Console.


Performing API calls to the UA Read API.


Connecting an external BI tool to the reader account.


Performing queries in the Snowflake console.


Performing queries against Snowflake with a user created in the Raw Data page.


Access Your Data

In the Snowflake Access tab of the Raw Data (platform-eu | platform-au) page, you can access your Snowflake reader account directly by clicking on the Reader Account subtab, and then Access Snowflake.

The Sign in to Snowflake page will open on a separate tab. You’ll then be able to log in with the credentials specific to the Snowflake interface.

Required Privileges

Privileges required to view or manage the Snowflake reader account.

Action Service - Domain Required access level

View and export data

Snowflake Management


Add or edit users



Snowflake Management


Add or block IP addresses



Snowflake Management


What's next for me?