Organization accounts¶

The organization account is a special type of account that organization administrators use to perform tasks that affect the entire organization. For example, administrators use the organization account to do the following:

View organization-level data collected from all accounts in the organization, including the query history from each account.
Enable Snowflake Marketplace terms for the entire organization.
Manage the lifecycle of accounts in an organization, including creating and deleting accounts.
Enable replication for an account.

There is only one organization account for an organization.

Premium views¶

The ORGANIZATION_USAGE schema in the organization account contains views that are not available in the ORGANIZATION_USAGE schema of a regular account. These additional views are called premium views. These premium views provide organization-level data that is not otherwise available in a single view. For example, the TAG_REFERENCES premium view lets you query how tags are used throughout the organization, not just in a specific account.

For more information, including costs associated with premium views, see Premium views in the organization account.

About administrator roles and assignable privileges¶

Organization administrators use the GLOBALORGADMIN role in the organization account to perform all organization-level tasks, including administration of the organization account itself.

Note

Before the introduction of the organization account, organization administrators used the ORGADMIN role in an ORGADMIN-enabled account to perform organization-level tasks. Using the ORGADMIN role in an ORGADMIN-enabled account is being phased out. Use the GLOBALORGADMIN role in the organization account to perform organization-level tasks.

Snowflake will send a notification email to customers at least three months prior to phasing out the ORGADMIN role.

The GLOBALORGADMIN role can assign privileges to other roles to let other users perform organization-level tasks. In the organization account, the GLOBALORGADMIN role can assign the following privileges:

APPLY TAG
MANAGE ACCOUNTS
MANAGE LISTING AUTO FULFILLMENT
MANAGE ORGANIZATION CONTACTS
MANAGE ORGANIZATION TERMS
PURCHASE DATA EXCHANGE LISTING

These privileges are set on the account level. For example, to assign the MANAGE ACCOUNTS privilege to the role custom_role, execute the following:

USE ROLE GLOBALORGADMIN;

GRANT MANAGE ACCOUNTS ON ACCOUNT TO custom_role;

Copy

For more information about these privileges, see Access control privileges.

Create the organization account¶

Note

Creating the organization account results in the ORGANIZATION_USAGE schema being populated with data, which incurs additional costs for your organization.

To create the organization account:

Choose an existing account from which you will create the organization account. This existing account must have the ORGADMIN role enabled.
Sign in to the account you are using to create the organization account.
Switch to the ORGADMIN role. For example:
```
USE ROLE ORGADMIN;
```
Copy

Execute the CREATE ORGANIZATION ACCOUNT command. For example:

CREATE ORGANIZATION ACCOUNT myorgaccount
    ADMIN_NAME = admin
    ADMIN_PASSWORD = 'TestPassword1'
    EMAIL = 'myemail@myorg.org'
    MUST_CHANGE_PASSWORD = true
    EDITION = enterprise;

Copy

Note

Snowflake does not support custom account locators for organization accounts. For alternatives, contact your Snowflake representative.

Delete the organization account¶

If you need to delete the organization account, contact Snowflake Support.

Note

New functionality in Snowflake that includes organization-level administrative tasks will require an organization account. If you are concerned about the costs associated with premium views, contact Snowflake Support to request that they be disabled instead of deleting the account.

Move the organization account to a different region¶

You can move an organization account between regions as long as those regions are in either the PUBLIC region group or a VPS region group.

Snowflake uses replication groups to move objects from the organization account in the source region to the organization account in the new region. As a result, only objects that can be replicated are moved with the organization account and there are replication costs associated with the move. For a list of objects that can be moved with the organization account, see Replicated objects.

Moving the organization account to a different region is a two-step process:

Call the SYSTEM$INITIATE_MOVE_ORGANIZATION_ACCOUNT function from the organization account to start the process of moving it. Snowflake begins replicating objects to the new region.

The function accepts a temporary account name, the new region, and a list of objects to move as its arguments. For example:
```
CALL SYSTEM$INITIATE_MOVE_ORGANIZATION_ACCOUNT(
  'MY_TEMP_NAME',
  'aws_us_west_2',
  'ALL');
```
Copy
When you have verified that the data in the organization account has been successfully replicated in the new region, call the SYSTEM$COMMIT_MOVE_ORGANIZATION_ACCOUNT function to finalize the move, specifying a grace period after which the original organization account is deleted.

For example, the following call finalizes the move, and specifies that the original organization account in the source region will be deleted after 14 days.
```
CALL SYSTEM$COMMIT_MOVE_ORGANIZATION_ACCOUNT(14);
```
Copy

At any point, you can view the status of an attempt to move an organization account by calling the SYSTEM$SHOW_MOVE_ORGANIZATION_ACCOUNT_STATUS function.

Note

When an organization account is moved, the views in the ORGANIZATION_USAGE schema must be repopulated with data, a process that can take up to one week.

Limitations¶

Currently, the organization account cannot be replicated.