Create multi-cloud accounts for replication and failover
An organization is a first-class Snowflake object that links the accounts owned by your business entity. Organizations simplify account management and billing, Database Replication and Failover/Failback, Snowflake Secure Data Sharing, and other account administration tasks.
This feature allows organization administrators to view, create, and manage all of your accounts across different regions and cloud platforms.
The organization administrator (ORGADMIN) system role is responsible for managing operations at the organization level.
A user with the ORGADMIN role can perform the following actions:
- Create an account in the organization. For more information, see Creating an Account.
- View/show all accounts within the organization. For more information, see Viewing a List of Organization Accounts.
- View/show a list of regions enabled for the organization. For more information, see Viewing a List of Regions Available for Your Organization.
- View usage information for all accounts in the organization. For more information, see Organization Usage.
- Enable database replication for an account in the organization. For more information, see Prerequisite: Enable Replication for Accounts in the Organization.
Note
Once an account is created, ORGADMIN can view the account properties but does not have access to the account data.
Enabling the ORGADMIN Role for an Account
The ORGADMIN role is enabled for at least one account in an organization.
Because users with the ACCOUNTADMIN role can assign the ORGADMIN role to themselves or another user, it is recommended that only one account in the organization have the ORGADMIN role enabled in order to tightly control who can act as an organization administrator. If you want to enable the ORGADMIN role for an additional account, contact Snowflake Support.
Assigning the ORGADMIN Role to a User or Role
Once enabled in an account, the ORGADMIN role can be granted to any user or role in the account by an ACCOUNTADMIN using the GRANT ROLE command. For more information about system roles and best practices for managing access control, see Access Control Considerations.
Examples
— Assume the ACCOUNTADMIN role
use role accountadmin;
— Grant the ORGADMIN role to a user
grant role orgadmin to user <user_name>;
— Grant ORGADMIN to a role
grant role orgadmin to role <role_name>;
Show Organization Name and Accounts
Display the name of your organization and its accounts using Snowsight:
Change role to ORGADMIN » Admin » Accounts.
Display the name of your organization and its accounts using a SQL script:
SHOW ORGANIZATION ACCOUNTS:
The result set from SHOW ORGANIZATION ACCOUNTS displays sixteen columns. If you want to display a subset of these columns, change the order, or use an ORDER BY predicate you can use the RESULT_SCAN function, which treats the output as a table that can be queried. For example, to return only four specific columns, run the following two statements sequentially exactly like this:
SHOW ORGANIZATION ACCOUNTS;
SELECT “account_name”
,”snowflake_region”
,”comment”
,”managed_accounts”
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()));
Changing the Name of Your Organization
If you want to change the name of an organization, for example to change a system-generated name to a more user-friendly one, contact Snowflake Support.
The name of an organization cannot contain more than 10 characters.
Users can create additional accounts that belong to the organization.
Consider creating additional accounts in a different geographic region, and on a different cloud provider for improving your business continuity plan.
Use SHOW REGIONS to list all the regions in which accounts can be created:
SHOW REGIONS;
Create a new account using Snowsight:
Snowsight » Admin » Accounts » + Account
Create a new account using a script:
CREATE ACCOUNT “ACCOUNTNAME”
ADMIN_NAME = ‘USERNAME’
ADMIN_PASSWORD = ‘****************’
FIRST_NAME = ‘First’
LAST_NAME = ‘Last’
EMAIL = ‘first.last@your_company.com’
MUST_CHANGE_PASSWORD = FALSE
EDITION = BUSINESS_CRITICAL
REGION_GROUP = PUBLIC
REGION = AWS_US_EAST_1
COMMENT = ‘N. VIRGINIA’;
You can rename accounts using the ALTER ACCOUNT command:
ALTER ACCOUNT OLD_NAME RENAME TO NEW_NAME;
ALTER ACCOUNT OLD_NAME RENAME TO NEW_NAME SAVE_OLD_URL = FALSE;
Organization administrators cannot rename an account while they are logged in to it, so they must log in to a different account before executing the ALTER ACCOUNT command. If your organization consists of a single account that needs to be renamed, contact Snowflake Support.
SAVE_OLD_URL
Optional parameter used in conjunction with RENAME TO that preserves the account URL used to access Snowflake prior to renaming. By default, Snowflake saves the original URL, which means you can access the account with either the old URL or the URL that contains the new account name. When set to FALSE, you must use the new URL to access the account.
Default TRUE
Note
Changing the account comment is currently not possible, it can only be set during account creation. There is an internal request to modify the comment in the future.
It can be helpful to rename an organization and accounts to something that is meaningful instead of the system generated names. I hope these tips help you and your organization.
URL links change over time. If you find any links that need to be updated PLEASE let me know, you’ll be helping others in the process. Thank you, Tim.
tim.spreitzer@right-triangle.com