Installation
Metatate can be installed from the Snowflake Marketplace or deployed manually as a Snowflake Native App.
From Snowflake Marketplace
- Navigate to the Snowflake Marketplace in Snowsight
- Search for Metatate
- Click Get to install the application
- Grant the required privileges when prompted:
BIND SERVICE ENDPOINT— for public ingress URLsCREATE COMPUTE POOL— for container servicesSNOWFLAKE.CORTEX_USERdatabase role — for Snowflake Cortex AI
Initial Setup
After installation, open the app from the Apps section in Snowsight. The Metatate Launcher (Streamlit) will guide you through initial setup:
1. Grant Privileges
The app requests two account privileges and one Snowflake database role during installation:
| Privilege | Purpose |
|---|---|
BIND SERVICE ENDPOINT | Create public ingress URLs for the web UI |
CREATE COMPUTE POOL | Create compute pools for container services |
SNOWFLAKE.CORTEX_USER database role | Enable Cortex AI features |
2. Configure References
The app uses Snowflake's reference system for controlled access:
| Reference | Type | Purpose | Required |
|---|---|---|---|
DATABASE_CATALOG | TABLE (multi-valued) | Tables you want to govern | Recommended |
APP_WAREHOUSE | WAREHOUSE | Query execution and MCP server | Recommended |
You can add table references at any time. Start with a few tables and expand as needed.
3. Start Services
The launcher creates two compute pools and starts the container services:
- Frontend compute pool —
CPU_X64_XS, runs the React UI + nginx router - Backend compute pool —
CPU_X64_XS, runs the Flask API server
Services typically start within 2-3 minutes.
4. Configure Tenant
Enter your organization name and optional details. This is stored in app_data.tenant_config within your account.
Accessing the App
Once setup is complete, access Metatate through:
- Snowsight — Apps → Metatate → Click the app URL
- Direct URL — The ingress URL shown in the launcher (
https://<id>-<account>.snowflakecomputing.app)
Granting Access to Users
Grant application roles to users who need access:
-- Full admin access (setup, configuration, all features)
GRANT APPLICATION ROLE app_admin TO ROLE <your_role>;
-- Standard user access (policies, catalog, governance)
GRANT APPLICATION ROLE app_user TO ROLE <your_role>;
Next Steps
- Quick Start — Create your first policy in 5 minutes