Area: Ingestion Issues
Sub-Area: Snowflake Source Configuration & Permissions
Issue
When a new Snowflake database is added to an existing ingestion source in DataHub, schemas and tables from that database may not appear after ingestion completes. This typically occurs because the DataHub service account role has not been granted the necessary USAGE permissions on the newly added database and its schemas. Without these grants, Snowflake's INFORMATION_SCHEMA.SCHEMATA does not return the schemas to the connector, so DataHub never discovers or indexes them. Assets that appear to exist in DataHub for the missing database may actually be "shell" entities created by an upstream tool (such as dbt) referencing Snowflake objects — not the result of direct Snowflake ingestion.
Error Messages
No schemas found in databaseschema_pattern denied
You Might Be Asking
- Why are most schemas in my Snowflake database missing from DataHub after ingestion?
- Why does DataHub show some assets for a Snowflake database, but most schemas are absent?
- How do I grant the correct Snowflake permissions to the DataHub service account for a new database?
- Could "shell" entities from dbt be masking a missing Snowflake ingestion?
Solution
-
Distinguish shell entities from ingested assets.
Before troubleshooting ingestion, confirm whether the assets visible in DataHub for the database were actually ingested by the Snowflake source. If a dbt ingestion run references a Snowflake table that does not yet exist in DataHub, DataHub creates a "shell" (placeholder) entity for that asset. Check the ingestion run history for your Snowflake source and verify whether any assets from the database in question were actually pulled in during a Snowflake ingestion run.
-
Verify current grants on the DataHub service account role.
In Snowflake, run the following query as an account administrator to inspect what permissions the DataHub ingestion role currently holds:
SHOW GRANTS TO ROLE DATAHUB_ROLE;Review the output for
USAGEgrants on the target database and its schemas. If they are absent, proceed to the next step. -
Grant the required permissions on the new database.
Follow the official DataHub Snowflake prerequisites and apply the necessary grants. At minimum, grant
USAGEon the database itself, on all existing schemas, and on future schemas so that newly created schemas are automatically accessible:-- Grant USAGE on the database GRANT USAGE ON DATABASE "<your-database>" TO ROLE DATAHUB_ROLE; -- Grant USAGE on all existing schemas in the database GRANT USAGE ON ALL SCHEMAS IN DATABASE "<your-database>" TO ROLE DATAHUB_ROLE; -- Grant USAGE on any future schemas created in the database GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<your-database>" TO ROLE DATAHUB_ROLE; -- Grant SELECT on all existing tables (required for column-level metadata) GRANT SELECT ON ALL TABLES IN DATABASE "<your-database>" TO ROLE DATAHUB_ROLE; -- Grant SELECT on future tables GRANT SELECT ON FUTURE TABLES IN DATABASE "<your-database>" TO ROLE DATAHUB_ROLE; -
Check for schema pattern filters in the ingestion recipe.
While reviewing permissions, also inspect the ingestion recipe YAML for any
schema_patternconfiguration that may be silently excluding schemas. A narrowallowlist or an overly broaddenypattern will cause schemas to be dropped without error. Example of a potentially restrictive configuration:source: type: snowflake config: schema_pattern: allow: - "PUBLIC" - "SPECIFIC_SCHEMA" # all other schemas will be dropped deny: - ".*_TEMP.*" # schemas matching this pattern will be excludedIf
match_fully_qualified_names: trueis set, ensure patterns use the fully qualified formatDATABASE_NAME.SCHEMA_NAMErather than justSCHEMA_NAME. -
Re-trigger the ingestion run and verify results.
After permissions have been granted, navigate to DataHub > Ingestion, select the relevant Snowflake source, and manually trigger a new ingestion run. Monitor the run logs for any remaining errors. Confirm that schemas and tables from the newly added database now appear in DataHub search and browse.
Additional Notes
The root cause in the vast majority of "missing schemas" cases is a partial or missing USAGE grant — not a product bug. The Snowflake connector discovers schemas by querying INFORMATION_SCHEMA.SCHEMATA; if the ingestion role lacks USAGE on a schema, Snowflake simply omits that schema from query results and the connector never becomes aware of it. No warning is emitted in this case. The pattern of some schemas present and most absent is characteristic of a partial permissions grant (e.g., USAGE granted on some schemas but not others). Additionally, note that assets appearing in DataHub that were sourced from a dbt run — rather than from the Snowflake connector — will not be updated or enriched by re-running Snowflake ingestion unless the Snowflake service account has the correct access. Always verify the ingestion source that originally created an asset before assuming Snowflake ingestion is responsible.
Related Documentation
- Snowflake Ingestion Source — Prerequisites & Permission Setup
- Snowflake Ingestion Source — Full Configuration Reference
- DataHub Cloud — Managed Ingestion Overview
Tags: snowflake, ingestion, permissions, service-account, missing-schemas, USAGE-grant, schema-discovery, snowflake-role, ingestion-recipe, schema-pattern