Installation
Metatate can be installed from the Snowflake Marketplace or deployed manually as a Snowflake Native App.
From Snowflake Marketplace
- Navigate to the Snowflake Marketplace in Snowsight
- Search for Metatate
- Click Get to install the application
- Grant the required privileges when prompted:
BIND SERVICE ENDPOINT— for public ingress URLsCREATE COMPUTE POOL— for container servicesIMPORTED PRIVILEGES ON SNOWFLAKE DB— for Snowflake Cortex AI
Initial Setup
After installation, open the app from the Apps section in Snowsight. The Metatate Launcher (Streamlit) will guide you through initial setup:
1. Grant Privileges
The app requests three privileges that are auto-granted:
| Privilege | Purpose |
|---|---|
BIND SERVICE ENDPOINT | Create public ingress URLs for the web UI |
CREATE COMPUTE POOL | Create compute pools for container services |
IMPORTED PRIVILEGES ON SNOWFLAKE DB | Enable Cortex AI features |
2. Configure References
The app uses Snowflake's reference system for controlled access:
| Reference | Type | Purpose | Required |
|---|---|---|---|
DATABASE_CATALOG | TABLE (multi-valued) | Tables you want to govern | Recommended |
APP_WAREHOUSE | WAREHOUSE | Query execution and MCP server | Recommended |
You can add table references at any time. Start with a few tables and expand as needed.
3. Start Services
The launcher creates two compute pools and starts the container services:
- Frontend compute pool —
CPU_X64_XS, runs the React UI + nginx router - Backend compute pool —
CPU_X64_XS, runs the Flask API server
Services typically start within 2-3 minutes.
4. Configure Tenant
Enter your organization name and optional details. This is stored in app_data.tenant_config within your account.
Accessing the App
Once setup is complete, access Metatate through:
- Snowsight — Apps → Metatate → Click the app URL
- Direct URL — The ingress URL shown in the launcher (
https://<id>-<account>.snowflakecomputing.app)
Granting Access to Users
Grant application roles to users who need access:
-- Full admin access (setup, configuration, all features)
GRANT APPLICATION ROLE app_admin TO ROLE <your_role>;
-- Standard user access (policies, catalog, governance)
GRANT APPLICATION ROLE app_user TO ROLE <your_role>;
Next Steps
- Quick Start — Create your first policy in 5 minutes