- Schema:
For guidance on query performance when using organization-wide usage views, see Performance (Organization Usage).
GRANTS_
Important
This view is only available in the organization account. For more information, see Premium views in the organization account.
Organization Usage performance
When you query a specific view in the SNOWFLAKE.ORGANIZATION_USAGE schema, follow the organization-wide guidance in
Performance (Organization Usage): bound every scan on history views, list
columns explicitly, and use the time filter column table plus worked SQL and anti-patterns there.
This Organization Usage view can be used to query the roles that have been granted to a user.
Columns¶
Organization-level columns
| Column Name | Data Type | Description |
|---|---|---|
| ORGANIZATION_NAME | VARCHAR | Name of the organization. |
| ACCOUNT_LOCATOR | VARCHAR | System-generated identifier for the account. |
| ACCOUNT_NAME | VARCHAR | User-defined identifier for the account. |
Additional columns
| Column Name | Data Type | Description |
|---|---|---|
| CREATED_ON | TIMESTAMP_LTZ | Time and date (in the UTC time zone) when the role is granted. |
| DELETED_ON | TIMESTAMP_LTZ | Time and date (in the UTC time zone) when the role is revoked. |
| ROLE | VARCHAR | Identifier for the role granted to the user. |
| GRANTED_TO | VARCHAR | For this view, the value is USER. |
| GRANTEE_NAME | VARCHAR | Name of the user to whom the privilege is granted. |
| GRANTED_BY | VARCHAR | Identifier for the role that granted the privilege. |
Usage notes¶
- Latency for the view may be up to 24 hours.
-
The GRANTS_TO_USERS view does not include grants of privileges and non-account roles to users. For that information, see the GRANTS_TO_ROLES view.
-
This view records current grants and historical grants, including grants that were revoked and granted again. When a single grant occurs and as long as it remains active (that is, not revoked):
- The view includes one row for the grant of the same role to the same user.
- A regrant of the same role to the same user is not recorded as a new row. Instead, the DELETED_ON column remains NULL while the grant is active.
-
When a grant is revoked from the user, the DELETED_ON column for the grant is updated from NULL to the timestamp when the grant was revoked.
-
After revoking the role from the user, a grant of the same role to the same user is recorded in a new row. In this new row, the DELETED_ON column value is NULL because the grant is now active.