Organization accounts¶

Premium views¶

The ORGANIZATION_USAGE schema in the organization account contains views that are not available in the ORGANIZATION_USAGE schema of a regular account. These additional views are called premium views. These premium views provide organization-level data that is not otherwise available in a single view. For example, the TAG_REFERENCES premium view lets you query how tags are used throughout the organization, not just in a specific account.

For more information, see Premium views in the organization account.

About administrator roles and assignable privileges¶

Organization administrators use the GLOBALORGADMIN role in the organization account to perform all organization-level tasks, including administration of the organization account itself.

The GLOBALORGADMIN role can assign privileges to other roles to let other users perform organization-level tasks. In the organization account, the GLOBALORGADMIN role can assign the following privileges:

• APPLY TAG

• MANAGE ACCOUNTS

• MANAGE LISTING AUTO FULFILLMENT

• MANAGE ORGANIZATION CONTACTS

• MANAGE ORGANIZATION TERMS

• PURCHASE DATA EXCHANGE LISTING

These privileges are set on the account level. For example, to assign the MANAGE ACCOUNTS privilege to the role custom_role, execute the following:

USE ROLE GLOBALORGADMIN;

GRANT MANAGE ACCOUNTS ON ACCOUNT TO custom_role;

For more information about these privileges, see Access control privileges.

Create the organization account¶

To create the organization account:

1. Choose an existing account from which you will create the organization account. This existing account must have the ORGADMIN role enabled.

2. Sign in to the account you are using to create the organization account.

3. Switch to the ORGADMIN role. For example:

   USE ROLE ORGADMIN;
   

   Copy

4. Execute the CREATE ORGANIZATION ACCOUNT command. For example:

   CREATE ORGANIZATION ACCOUNT myorgaccount
       ADMIN_NAME = admin
       ADMIN_PASSWORD = 'TestPassword1'
       EMAIL = 'myemail@myorg.org'
       MUST_CHANGE_PASSWORD = true
       EDITION = enterprise;
   

   Copy

Delete the organization account¶

If you need to delete the organization account, contact Snowflake Support.

Move the organization account to a different region¶

You can move an organization account between regions as long as those regions are in either the PUBLIC region group or a VPS region group.

Snowflake uses replication groups to move objects from the organization account in the source region to the organization account in the new region. As a result, only objects that can be replicated are moved with the organization account. For a list of objects that can be moved with the organization account, see Replicated objects.

Moving the organization account to a different region is a two-step process:

1. Call the SYSTEM$INITIATE_MOVE_ORGANIZATION_ACCOUNT function from the organization account to start the process of moving it. Snowflake begins replicating objects to the new region.

   The function accepts a temporary account name, the new region, and a list of objects to move as its arguments. For example:

   CALL SYSTEM$INITIATE_MOVE_ORGANIZATION_ACCOUNT(
     'MY_TEMP_NAME',
     'aws_us_west_2',
     'ALL');
   

   Copy

2. When you have verified that the data in the organization account has been successfully replicated in the new region, call the SYSTEM$COMMIT_MOVE_ORGANIZATION_ACCOUNT function to finalize the move, specifying a grace period after which the original organization account is deleted.

   For example, the following call finalizes the move, and specifies that the original organization account in the source region will be deleted after 14 days.

   CALL SYSTEM$COMMIT_MOVE_ORGANIZATION_ACCOUNT(14);
   

   Copy

At any point, you can view the status of an attempt to move an organization account by calling the SYSTEM$SHOW_MOVE_ORGANIZATION_ACCOUNT_STATUS function.

Limitations¶

Currently, the organization account cannot be replicated.