Snowflake

modules/snowflake-analytics/pages/neo4j-fraud.adoc

@@ -83,17 +83,6 @@ image:followalong.png[]
 
 ==== Permissions
 
-Before we run our algorithms, we need to set the proper permissions. But
-before we get started granting different roles, we need to ensure that
-you are using `accountadmin` to grant and create roles. Lets do that
-now:
-
-[source,sql]
-----
--- you must be accountadmin to create role and grant permissions
-use role accountadmin;
-----
-
 Next let’s set up the necessary roles, permissions, and resource access
 to enable Graph Analytics to operate on data within the
 `p2p++_++demo.public schema`. It creates a consumer role
@@ -106,40 +95,42 @@ pool and warehouse resources needed to run graph algorithms at scale.
 
 [source,sql]
 ----
-USE SCHEMA P2P_DEMO.PUBLIC;
-
--- Create a consumer role for users and admins of the Neo4j Graph Analytics application
-CREATE ROLE IF NOT EXISTS gds_user_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_user TO ROLE gds_user_role;
-
-CREATE DATABASE ROLE IF NOT EXISTS gds_db_role;
-GRANT DATABASE ROLE gds_db_role TO ROLE gds_user_role;
-GRANT DATABASE ROLE gds_db_role TO APPLICATION neo4j_graph_analytics;
-
--- Grant access to consumer data
-GRANT USAGE ON DATABASE P2P_DEMO TO ROLE gds_user_role;
-GRANT USAGE ON SCHEMA P2P_DEMO.PUBLIC TO ROLE gds_user_role;
-
--- Required to read tabular data into a graph
-GRANT SELECT ON ALL TABLES IN DATABASE P2P_DEMO TO DATABASE ROLE gds_db_role;
-
--- Ensure the consumer role has access to created tables/views
-GRANT ALL PRIVILEGES ON FUTURE TABLES IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT CREATE TABLE ON SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT CREATE VIEW ON SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON FUTURE VIEWS IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL VIEWS IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE gds_db_role;
-
--- Compute and warehouse access
-GRANT USAGE ON WAREHOUSE GDSONSNOWFLAKE TO APPLICATION neo4j_graph_analytics;
-----
+-- Use a role with the required privileges
+USE ROLE ACCOUNTADMIN;
 
-Now we will switch to the role we just created:
+-- Create a consumer role for users of the Graph Analytics application
+CREATE ROLE IF NOT EXISTS MY_CONSUMER_ROLE;
+GRANT APPLICATION ROLE Neo4j_Graph_Analytics.app_user TO ROLE MY_CONSUMER_ROLE;
+SET MY_USER = (SELECT CURRENT_USER());
+GRANT ROLE MY_CONSUMER_ROLE TO USER IDENTIFIER($MY_USER);
 
-[source,sql]
-----
-use role gds_user_role;
+USE SCHEMA P2P_DEMO.PUBLIC;
+CREATE TABLE NODES (nodeId Number);
+INSERT INTO NODES VALUES (1), (2), (3), (4), (5), (6);
+CREATE TABLE RELATIONSHIPS (sourceNodeId Number, targetNodeId Number);
+INSERT INTO RELATIONSHIPS VALUES (1, 2), (2, 3), (4, 5), (5, 6);
+
+-- Grants needed for the app to read consumer data stored in tables and views, using a database role
+USE DATABASE P2P_DEMO;
+CREATE DATABASE ROLE IF NOT EXISTS MY_DB_ROLE;
+GRANT USAGE ON DATABASE P2P_DEMO TO DATABASE ROLE MY_DB_ROLE;
+GRANT USAGE ON SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL TABLES IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL VIEWS IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+-- Future tables also include tables that are created by the application itself.
+-- This is useful as many use-cases require running algorithms in a sequence and using the output of a prior algorithm as input.
+GRANT SELECT ON FUTURE TABLES IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON FUTURE VIEWS IN SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT CREATE TABLE ON SCHEMA P2P_DEMO.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT DATABASE ROLE MY_DB_ROLE TO APPLICATION Neo4j_Graph_Analytics;
+
+-- Ensure the consumer role has access to tables created by the application
+GRANT USAGE ON DATABASE P2P_DEMO TO ROLE MY_CONSUMER_ROLE;
+GRANT USAGE ON SCHEMA P2P_DEMO.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+GRANT SELECT ON FUTURE TABLES IN SCHEMA P2P_DEMO.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+
+-- Use the consumer role to run the algorithm and inspect the output
+USE ROLE MY_CONSUMER_ROLE;
 ----
 
 === Cleaning Our Data

modules/snowflake-analytics/pages/neo4j-insurance-fraud.adoc

@@ -89,13 +89,9 @@ roles with specific permissions, so that you can have many people
 working in the same database without worrying about security. The Neo4j
 app requires the creation of a few different roles. But before we get
 started granting different roles, we need to ensure that you are using
-`accountadmin` to grant and create roles. Lets do that now:
+`accountadmin` to grant and create roles. 
 
-....
-USE ROLE ACCOUNTADMIN;
-....
-
-Next we can set up the necessary roles, permissions, and resource access
+We can set up the necessary roles, permissions, and resource access
 to enable Graph Analytics to operate on the demo data within the
 `i++_++demo.public` schema (this schema is where the data will be stored
 by default).
@@ -108,44 +104,47 @@ compute pool and warehouse resources required to run the graph
 algorithms at scale.
 
 ....
--- Create an account role to manage the GDS application
-CREATE ROLE IF NOT EXISTS gds_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_user TO ROLE gds_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_admin TO ROLE gds_role;
-
---Grant permissions for the application to use the database
-GRANT USAGE ON DATABASE i_demo TO APPLICATION neo4j_graph_analytics;
-GRANT USAGE ON SCHEMA i_demo.public TO APPLICATION neo4j_graph_analytics;
-
---Create a database role to manage table and view access
-CREATE DATABASE ROLE IF NOT EXISTS gds_db_role;
-
-GRANT ALL PRIVILEGES ON FUTURE TABLES IN SCHEMA i_demo.public TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA i_demo.public TO DATABASE ROLE gds_db_role;
-
-GRANT ALL PRIVILEGES ON FUTURE VIEWS IN SCHEMA i_demo.public TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL VIEWS IN SCHEMA i_demo.public TO DATABASE ROLE gds_db_role;
-
-GRANT CREATE TABLE ON SCHEMA i_demo.public TO DATABASE ROLE gds_db_role;
-
-
---Grant the DB role to the application and admin user
-GRANT DATABASE ROLE gds_db_role TO APPLICATION neo4j_graph_analytics;
-GRANT DATABASE ROLE gds_db_role TO ROLE gds_role;
-
-GRANT USAGE ON DATABASE I_DEMO TO ROLE GDS_ROLE;
-GRANT USAGE ON SCHEMA I_DEMO.PUBLIC TO ROLE GDS_ROLE;
+-- Use a role with the required privileges
+USE ROLE ACCOUNTADMIN;
 
-GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA I_DEMO.PUBLIC TO ROLE GDS_ROLE;
-GRANT CREATE TABLE ON SCHEMA I_DEMO.PUBLIC TO ROLE GDS_ROLE;
-GRANT SELECT, INSERT, UPDATE, DELETE ON FUTURE TABLES IN SCHEMA I_DEMO.PUBLIC TO ROLE GDS_ROLE;
+-- Create a consumer role for users of the Graph Analytics application
+CREATE ROLE IF NOT EXISTS MY_CONSUMER_ROLE;
+GRANT APPLICATION ROLE Neo4j_Graph_Analytics.app_user TO ROLE MY_CONSUMER_ROLE;
+SET MY_USER = (SELECT CURRENT_USER());
+GRANT ROLE MY_CONSUMER_ROLE TO USER IDENTIFIER($MY_USER);
+
+USE SCHEMA i_demo.PUBLIC;
+CREATE TABLE NODES (nodeId Number);
+INSERT INTO NODES VALUES (1), (2), (3), (4), (5), (6);
+CREATE TABLE RELATIONSHIPS (sourceNodeId Number, targetNodeId Number);
+INSERT INTO RELATIONSHIPS VALUES (1, 2), (2, 3), (4, 5), (5, 6);
+
+-- Grants needed for the app to read consumer data stored in tables and views, using a database role
+USE DATABASE i_demo;
+CREATE DATABASE ROLE IF NOT EXISTS MY_DB_ROLE;
+GRANT USAGE ON DATABASE i_demo TO DATABASE ROLE MY_DB_ROLE;
+GRANT USAGE ON SCHEMA i_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL TABLES IN SCHEMA i_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL VIEWS IN SCHEMA i_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+-- Future tables also include tables that are created by the application itself.
+-- This is useful as many use-cases require running algorithms in a sequence and using the output of a prior algorithm as input.
+GRANT SELECT ON FUTURE TABLES IN SCHEMA i_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON FUTURE VIEWS IN SCHEMA i_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT CREATE TABLE ON SCHEMA i_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT DATABASE ROLE MY_DB_ROLE TO APPLICATION Neo4j_Graph_Analytics;
+
+-- Ensure the consumer role has access to tables created by the application
+GRANT USAGE ON DATABASE i_demo TO ROLE MY_CONSUMER_ROLE;
+GRANT USAGE ON SCHEMA i_demo.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+GRANT SELECT ON FUTURE TABLES IN SCHEMA i_demo.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+
+-- Use the consumer role to run the algorithm and inspect the output
+USE ROLE MY_CONSUMER_ROLE;
 ....
 
-Now we will switch to the role we just created:
+Now we will switch to our database:
 
 ....
-use warehouse NEO4J_GRAPH_ANALYTICS_APP_WAREHOUSE;
-use role gds_role;
 use database i_demo;
 use schema public;
 ....

modules/snowflake-analytics/pages/neo4j-manufacturing.adoc

@@ -179,61 +179,48 @@ now:
 
 [source,sql]
 ----
--- you must be accountadmin to create role and grant permissions
-use role accountadmin;
-----
-
-Next we can set up the necessary roles, permissions, and resource access
-to enable Graph Analytics to operate on data within the
-`M++_++DEMO.public schema`. It creates a consumer role (gds++_++role)
-for users and administrators, grants the Graph Analytics application
-access to read from and write to tables and views, and ensures that
-future tables are accessible.
-
-It also provides the application with access to the required compute
-pool and warehouse resources needed to run graph algorithms at scale.
-
-[source,sql]
-----
--- Create an account role to manage the GDS application
-CREATE ROLE IF NOT EXISTS gds_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_user TO ROLE gds_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_admin TO ROLE gds_role;
-
---Grant permissions for the application to use the database
-GRANT USAGE ON DATABASE m_demo TO APPLICATION neo4j_graph_analytics;
-GRANT USAGE ON SCHEMA m_demo.public TO APPLICATION neo4j_graph_analytics;
-
---Create a database role to manage table and view access
-CREATE DATABASE ROLE IF NOT EXISTS gds_db_role;
-
-GRANT ALL PRIVILEGES ON FUTURE TABLES IN SCHEMA m_demo.public TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA m_demo.public TO DATABASE ROLE gds_db_role;
-
-GRANT ALL PRIVILEGES ON FUTURE VIEWS IN SCHEMA m_demo.public TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL VIEWS IN SCHEMA m_demo.public TO DATABASE ROLE gds_db_role;
-
-GRANT CREATE TABLE ON SCHEMA m_demo.public TO DATABASE ROLE gds_db_role;
-
-
---Grant the DB role to the application and admin user
-GRANT DATABASE ROLE gds_db_role TO APPLICATION neo4j_graph_analytics;
-GRANT DATABASE ROLE gds_db_role TO ROLE gds_role;
-
-GRANT USAGE ON DATABASE M_DEMO TO ROLE GDS_ROLE;
-GRANT USAGE ON SCHEMA M_DEMO.PUBLIC TO ROLE GDS_ROLE;
-
-GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA M_DEMO.PUBLIC TO ROLE GDS_ROLE;
-GRANT CREATE TABLE ON SCHEMA M_DEMO.PUBLIC TO ROLE GDS_ROLE;
-GRANT SELECT, INSERT, UPDATE, DELETE ON FUTURE TABLES IN SCHEMA M_DEMO.PUBLIC TO ROLE GDS_ROLE;
-----
-
-Then we need to switch the role we created:
+-- Use a role with the required privileges
+USE ROLE ACCOUNTADMIN;
+
+-- Create a consumer role for users of the Graph Analytics application
+CREATE ROLE IF NOT EXISTS MY_CONSUMER_ROLE;
+GRANT APPLICATION ROLE Neo4j_Graph_Analytics.app_user TO ROLE MY_CONSUMER_ROLE;
+SET MY_USER = (SELECT CURRENT_USER());
+GRANT ROLE MY_CONSUMER_ROLE TO USER IDENTIFIER($MY_USER);
+
+USE SCHEMA m_demo.PUBLIC;
+CREATE TABLE NODES (nodeId Number);
+INSERT INTO NODES VALUES (1), (2), (3), (4), (5), (6);
+CREATE TABLE RELATIONSHIPS (sourceNodeId Number, targetNodeId Number);
+INSERT INTO RELATIONSHIPS VALUES (1, 2), (2, 3), (4, 5), (5, 6);
+
+-- Grants needed for the app to read consumer data stored in tables and views, using a database role
+USE DATABASE m_demo;
+CREATE DATABASE ROLE IF NOT EXISTS MY_DB_ROLE;
+GRANT USAGE ON DATABASE m_demo TO DATABASE ROLE MY_DB_ROLE;
+GRANT USAGE ON SCHEMA m_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL TABLES IN SCHEMA m_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL VIEWS IN SCHEMA m_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+-- Future tables also include tables that are created by the application itself.
+-- This is useful as many use-cases require running algorithms in a sequence and using the output of a prior algorithm as input.
+GRANT SELECT ON FUTURE TABLES IN SCHEMA m_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON FUTURE VIEWS IN SCHEMA m_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT CREATE TABLE ON SCHEMA m_demo.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT DATABASE ROLE MY_DB_ROLE TO APPLICATION Neo4j_Graph_Analytics;
+
+-- Ensure the consumer role has access to tables created by the application
+GRANT USAGE ON DATABASE m_demo TO ROLE MY_CONSUMER_ROLE;
+GRANT USAGE ON SCHEMA m_demo.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+GRANT SELECT ON FUTURE TABLES IN SCHEMA m_demo.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+
+-- Use the consumer role to run the algorithm and inspect the output
+USE ROLE MY_CONSUMER_ROLE;
+----
+
+Then we need to switch the database we created:
 
 [source,sql]
 ----
-use warehouse neo4j_graph_analytics_APP_WAREHOUSE;
-use role gds_role;
 use database m_demo;
 use schema public;
 ----

modules/snowflake-analytics/pages/neo4j-marketing-segmentation.adoc

@@ -265,43 +265,42 @@ Next we grant the necessary permissions:
 
 [source,sql]
 ----
+-- Use a role with the required privileges
 USE ROLE ACCOUNTADMIN;
-----
 
-[source,sql]
-----
--- Create a consumer role for users and admins of the GDS application
-CREATE ROLE IF NOT EXISTS gds_user_role;
-CREATE ROLE IF NOT EXISTS gds_admin_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_user TO ROLE gds_user_role;
-GRANT APPLICATION ROLE neo4j_graph_analytics.app_admin TO ROLE gds_admin_role;
-
-CREATE DATABASE ROLE IF NOT EXISTS gds_db_role;
-GRANT DATABASE ROLE gds_db_role TO ROLE gds_user_role;
-GRANT DATABASE ROLE gds_db_role TO APPLICATION neo4j_graph_analytics;
-
--- Grant access to consumer data
-GRANT USAGE ON DATABASE RETAIL_RECS TO ROLE gds_user_role;
-GRANT USAGE ON SCHEMA RETAIL_RECS.PUBLIC TO ROLE gds_user_role;
-
--- Required to read tabular data into a graph
-GRANT SELECT ON ALL TABLES IN DATABASE RETAIL_RECS TO DATABASE ROLE gds_db_role;
-
--- Ensure the consumer role has access to created tables/views
-GRANT ALL PRIVILEGES ON FUTURE TABLES IN SCHEMA RETAIL_RECS.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA RETAIL_RECS.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT CREATE TABLE ON SCHEMA RETAIL_RECS.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT CREATE VIEW ON SCHEMA RETAIL_RECS.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON FUTURE VIEWS IN SCHEMA RETAIL_RECS.PUBLIC TO DATABASE ROLE gds_db_role;
-GRANT ALL PRIVILEGES ON ALL VIEWS IN SCHEMA RETAIL_RECS.PUBLIC TO DATABASE ROLE gds_db_role;
-
--- Compute and warehouse access
-GRANT USAGE ON WAREHOUSE NEO4J_GRAPH_ANALYTICS_APP_WAREHOUSE TO APPLICATION neo4j_graph_analytics;
-----
-
-[source,sql]
-----
-use role gds_role;
+-- Create a consumer role for users of the Graph Analytics application
+CREATE ROLE IF NOT EXISTS MY_CONSUMER_ROLE;
+GRANT APPLICATION ROLE Neo4j_Graph_Analytics.app_user TO ROLE MY_CONSUMER_ROLE;
+SET MY_USER = (SELECT CURRENT_USER());
+GRANT ROLE MY_CONSUMER_ROLE TO USER IDENTIFIER($MY_USER);
+
+USE SCHEMA retail_recs.PUBLIC;
+CREATE TABLE NODES (nodeId Number);
+INSERT INTO NODES VALUES (1), (2), (3), (4), (5), (6);
+CREATE TABLE RELATIONSHIPS (sourceNodeId Number, targetNodeId Number);
+INSERT INTO RELATIONSHIPS VALUES (1, 2), (2, 3), (4, 5), (5, 6);
+
+-- Grants needed for the app to read consumer data stored in tables and views, using a database role
+USE DATABASE retail_recs;
+CREATE DATABASE ROLE IF NOT EXISTS MY_DB_ROLE;
+GRANT USAGE ON DATABASE retail_recs TO DATABASE ROLE MY_DB_ROLE;
+GRANT USAGE ON SCHEMA retail_recs.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL TABLES IN SCHEMA retail_recs.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON ALL VIEWS IN SCHEMA retail_recs.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+-- Future tables also include tables that are created by the application itself.
+-- This is useful as many use-cases require running algorithms in a sequence and using the output of a prior algorithm as input.
+GRANT SELECT ON FUTURE TABLES IN SCHEMA retail_recs.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT SELECT ON FUTURE VIEWS IN SCHEMA retail_recs.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT CREATE TABLE ON SCHEMA retail_recs.PUBLIC TO DATABASE ROLE MY_DB_ROLE;
+GRANT DATABASE ROLE MY_DB_ROLE TO APPLICATION Neo4j_Graph_Analytics;
+
+-- Ensure the consumer role has access to tables created by the application
+GRANT USAGE ON DATABASE retail_recs TO ROLE MY_CONSUMER_ROLE;
+GRANT USAGE ON SCHEMA retail_recs.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+GRANT SELECT ON FUTURE TABLES IN SCHEMA retail_recs.PUBLIC TO ROLE MY_CONSUMER_ROLE;
+
+-- Use the consumer role to run the algorithm and inspect the output
+USE ROLE MY_CONSUMER_ROLE;
 ----
 
 == Running our Algorithms