Access History

This topic documents how to use the ACCESS_HISTORY view to evaluate Snowflake objects.

In this Topic:

Understanding Access History

Access History in Snowflake refers to whether the user query reads column data. Snowflake does not record write operations. The user Access History can be found in the Access_History View (in this topic).

Each row in the ACCESS_HISTORY view contains a single record per query and describes the columns the query accessed directly (i.e. the base table) and indirectly (i.e. derived objects, such as views). These records facilitate regulatory compliance auditing and provide insights on popular and frequently accessed tables and columns since there is a direct link between the user (i.e. query operator), the query, the table or view, the column, and the data.

Additional use cases for the ACCESS_HISTORY view include:

  • Discovering unused data to determine whether to archive or delete the data.

  • Validating data changes to notify users prior to dropping or altering a given table or view.

  • Auditing data access to comply with regulatory requirements and data governance initiatives.

ACCESS_HISTORY View

The Access History Account Usage view can be used to query the access history of Snowflake objects (e.g. table, view, column) within the last 365 days (1 year).

To obtain the user access history, query the ACCESS_HISTORY View.

Write Operations in the ACCESS_HISTORY View

Snowflake supports write operations in the ACCESS_HISTORY view as a preview feature. This preview provides the following updates:

  • The introduction of a a new column, OBJECTS_MODIFIED, to specify the target data object that is affected by the write operation.

  • When accessing a stage using a write operation, Snowflake updates the BASE_OBJECTS_ACCESSED and the DIRECT_OBJECTS_ACCESSED columns, as appropriate, to indicate the stage access.

The OBJECTS_MODIFIED column is only available to customers participating in the preview. The view populates with data once your Snowflake account is enabled to use the feature. To verify the preview start date, please contact Snowflake Support.

For more information about this preview, see the Snowflake Behavior Change Log.

Enabling the Preview

This preview is bound to the 2021_10 behavior change bundle. To enable the preview, call the SYSTEM$ENABLE_BEHAVIOR_CHANGE_BUNDLE function. For example:

select system$enable_behavior_change_bundle('2021_10');

Important

If you decide to enable the bundle, query the ACCESS_HISTORY view for write operations, and then decide to disable the bundle, Snowflake hides the OBJECTS_MODIFIED column and preserves the write operation records that took place since enabling the preview.

The information associated with accessing a stage in the BASE_OBJECTS_ACCESSED and DIRECT_OBJECTS_ACCESSED columns as part of a write operation remains visible after disabling the bundle.