Skip to content
42Forms

Snowflake Integration

42Forms runs entirely within your Snowflake account as a Native App via Snowpark Container Services (SPCS). This guide covers how it integrates with Snowflake’s data, identity, and AI features.

Connections

Section titled “Connections”

In Native App mode, the Snowflake connection is auto-provisioned. No credentials are needed - the app uses the SPCS runtime OAuth token for authentication.

Key behaviors:

  • The native connection is created automatically on first use
  • It uses the app’s service identity for metadata queries (browsing databases, schemas, tables)
  • Per-user data access is enforced through Restricted Caller Rights (see below)

Restricted Caller Rights (RCR)

Section titled “Restricted Caller Rights (RCR)”

42Forms uses RCR to run data queries as the signed-in user rather than the app’s service identity. This means:

  • Row access policies are enforced per-user
  • Dynamic data masking is applied per-user
  • Object-level grants are respected - users only see tables their Snowflake role can access

Granting Caller Rights

Section titled “Granting Caller Rights”

For each database you want accessible through 42Forms, run as ACCOUNTADMIN:

GRANT CALLER USAGE ON DATABASE MY_DATABASE TO APPLICATION FORTY_TWO_FORMS_APP;
GRANT INHERITED CALLER USAGE ON ALL SCHEMAS IN DATABASE MY_DATABASE TO APPLICATION FORTY_TWO_FORMS_APP;
GRANT INHERITED CALLER SELECT ON ALL TABLES IN DATABASE MY_DATABASE TO APPLICATION FORTY_TWO_FORMS_APP;
GRANT INHERITED CALLER SELECT ON ALL VIEWS IN DATABASE MY_DATABASE TO APPLICATION FORTY_TWO_FORMS_APP;
GRANT INHERITED CALLER SELECT, REFERENCES ON ALL SEMANTIC VIEWS IN DATABASE MY_DATABASE TO APPLICATION FORTY_TWO_FORMS_APP;

And grant warehouse access (once, not per database):

GRANT CALLER USAGE ON WAREHOUSE FORTY_TWO_FORMS_WH TO APPLICATION FORTY_TWO_FORMS_APP;

Enabling Write-Back

Section titled “Enabling Write-Back”

To allow writing form submissions back to Snowflake tables:

GRANT INHERITED CALLER INSERT, UPDATE, DELETE
  ON ALL TABLES IN DATABASE MY_DATABASE
  TO APPLICATION FORTY_TWO_FORMS_APP;

Shared / Imported Databases

Section titled “Shared / Imported Databases”

Caller grants are not supported on shared or imported databases (e.g., SNOWFLAKE_SAMPLE_DATA). 42Forms auto-detects this and falls back to the service connection. Per-user RBAC is not enforced for shared databases - all users see the same data.

Data Sync

Section titled “Data Sync”

Import (Snowflake → 42Forms)

Section titled “Import (Snowflake → 42Forms)”

Connect a project to a Snowflake table to import data as submissions. Two modes:

  • Virtual Rows (Streaming): data stays in Snowflake, queried on-demand. Rows materialize locally only when edited. Best for large tables. See Virtual Submissions.
  • Full Import: all rows copied to local Hybrid Tables. Best when you need full local control.

Export (42Forms → Snowflake)

Section titled “Export (42Forms → Snowflake)”

Write submission data back to a Snowflake table. Uses atomic swap (staging table → rename) to avoid partial writes. The exported table includes metadata columns (_42FORMS_ID, _42FORMS_PARTITION, _42FORMS_STATUS, timestamps).

Column Mappings

Section titled “Column Mappings”

Each sync config stores a JSON column mapping between form fields and Snowflake columns. Mappings are configured during project creation (auto-suggested by AI) or manually in project settings.

Cortex AI

Section titled “Cortex AI”

42Forms uses Snowflake Cortex for AI-powered features:

  • Form generation: analyze table columns to suggest field types, sections, and layout
  • Column mapping: suggest mappings between Snowflake columns and form fields
  • Rule generation: generate conditional visibility rules from natural language prompts
  • Chat assistant: context-aware chat with form and submission data

A dedicated warehouse (FORTY_TWO_FORMS_WH, XSmall) is created for Cortex calls. Cross-region Cortex is enabled automatically when available.

Semantic Views

Section titled “Semantic Views”

Cortex Analyst semantic views define logical tables with dimensions, facts, metrics, and relationships. 42Forms can import these to create multi-project hierarchies with one click.

The import process:

  1. Browse to a semantic view in the Object Explorer
  2. Preview the logical tables and their columns
  3. AI generates a form layout for each table
  4. Projects are created with relationships automatically wired via join keys

For example, a TPCH_ANALYSIS semantic view with Customers → Orders → Line Items creates three projects with nested form sections linking them.

Object Explorer

Section titled “Object Explorer”

The built-in Object Explorer provides a hierarchical tree for browsing your Snowflake account:

  • DatabasesSchemasTables, Views, Semantic Views
  • Data loads on-demand as you expand (cached for 5 minutes)
  • Respects Caller Rights - each user sees only objects their Snowflake role can access
  • Appears in the New Project wizard, Import/Export dialogs, and Settings pages

Best Practices

Section titled “Best Practices”
  • Use row access policies on sensitive tables to enforce per-user data visibility
  • Use dynamic data masking to protect PII/PHI columns - masking applies transparently through forms
  • Audit access via Snowflake’s ACCESS_HISTORY view - 42Forms queries appear as user queries since they execute under the user’s identity
  • Principle of least privilege: grant caller access only to databases users need
  • Document your caller grants in a runbook for quick re-application after upgrades