Snowflake

Snowflake ACCOUNT_USAGE Complete Guide

2026-03-26
更新: 2026-03-27
NicheeLab Editorial Team

SNOWFLAKE.ACCOUNT_USAGE is a schema inside the Snowflake-provided shared SNOWFLAKE database that retains every kind of metadata, usage history, and audit log within your account for up to 365 days. It centralizes information that is essential for operational monitoring and governance — query history, login history, storage usage, credit consumption, access auditing, and more.

Key Views at a Glance

ViewDescriptionRetentionLatency
QUERY_HISTORYExecution history of every query (SQL text, runtime, bytes, etc.)365 daysUp to 45 min
LOGIN_HISTORYLogin attempt records (success/failure, IP, client)365 daysUp to 2 hr
STORAGE_USAGEDaily storage usage (Active / Time Travel / Fail-safe)365 daysUp to 3 hr
WAREHOUSE_METERING_HISTORYWarehouse credit consumption history365 daysUp to 3 hr
ACCESS_HISTORYColumn-level data access auditing365 daysUp to 3 hr
TABLESMetadata for all tables (row count, size, clustering, etc.)365 days after dropUp to 3 hr
COLUMNSColumn definition information for every column365 days after dropUp to 2 hr
GRANTS_TO_ROLESHistory of privileges granted to roles365 daysUp to 2 hr
GRANTS_TO_USERSHistory of roles granted to users365 daysUp to 2 hr
DATA_TRANSFER_HISTORYCross-region data transfer history365 daysUp to 2 hr

ACCOUNT_USAGE vs INFORMATION_SCHEMA Comparison

AspectACCOUNT_USAGEINFORMATION_SCHEMA
Data sourceSNOWFLAKE shared databaseSchema inside each database
Retention365 days (1 year)7-14 days (varies by table function)
Data latency45 min - 3 hrNone (real-time)
ScopeEntire accountContaining database only
Dropped objectsIncluded (for 365 days)Not included
Required privilegeIMPORTED PRIVILEGES on SNOWFLAKE DBPrivilege on the target object
Access patternPlain SELECT (regular views)Table functions (TABLE() syntax)

Granting Access

-- ACCOUNTADMINで監視用ロールにアクセスを許可
USE ROLE ACCOUNTADMIN;

CREATE ROLE IF NOT EXISTS monitoring_role;

GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE
  TO ROLE monitoring_role;

-- 監視担当ユーザーにロールを付与
GRANT ROLE monitoring_role TO USER monitoring_user;

QUERY_HISTORY Examples

-- 過去7日間で最もコストの高いクエリ TOP 20
SELECT
  query_id,
  user_name,
  warehouse_name,
  warehouse_size,
  execution_time / 1000 AS exec_sec,
  bytes_scanned / POWER(1024, 3) AS gb_scanned,
  partitions_scanned,
  partitions_total,
  ROUND(partitions_scanned / NULLIF(partitions_total, 0) * 100, 1) AS scan_pct,
  query_text
FROM SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
WHERE start_time >= DATEADD(DAY, -7, CURRENT_TIMESTAMP())
  AND execution_status = 'SUCCESS'
  AND warehouse_name IS NOT NULL
ORDER BY execution_time DESC
LIMIT 20;

-- ユーザー別クエリ実行統計
SELECT
  user_name,
  COUNT(*) AS total_queries,
  AVG(execution_time) / 1000 AS avg_exec_sec,
  SUM(bytes_scanned) / POWER(1024, 4) AS tb_scanned,
  SUM(credits_used_cloud_services) AS cloud_credits
FROM SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
WHERE start_time >= DATEADD(DAY, -30, CURRENT_TIMESTAMP())
GROUP BY user_name
ORDER BY total_queries DESC;

LOGIN_HISTORY Examples

-- ログイン失敗の検出(不正アクセスの兆候)
SELECT
  user_name,
  client_ip,
  reported_client_type,
  error_code,
  error_message,
  event_timestamp
FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
WHERE is_success = 'NO'
  AND event_timestamp >= DATEADD(DAY, -7, CURRENT_TIMESTAMP())
ORDER BY event_timestamp DESC;

-- ユーザー別ログインパターン分析
SELECT
  user_name,
  COUNT_IF(is_success = 'YES') AS success_count,
  COUNT_IF(is_success = 'NO') AS fail_count,
  COUNT(DISTINCT client_ip) AS distinct_ips,
  LISTAGG(DISTINCT reported_client_type, ', ') AS client_types
FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
WHERE event_timestamp >= DATEADD(DAY, -30, CURRENT_TIMESTAMP())
GROUP BY user_name
HAVING fail_count > 5
ORDER BY fail_count DESC;

STORAGE_USAGE Examples

-- ストレージ使用量の推移(日次)
SELECT
  usage_date,
  ROUND(storage_bytes / POWER(1024, 4), 2) AS active_tb,
  ROUND(failsafe_bytes / POWER(1024, 4), 2) AS failsafe_tb,
  ROUND(stage_bytes / POWER(1024, 4), 2) AS stage_tb
FROM SNOWFLAKE.ACCOUNT_USAGE.STORAGE_USAGE
WHERE usage_date >= DATEADD(MONTH, -3, CURRENT_DATE())
ORDER BY usage_date;

WAREHOUSE_METERING_HISTORY Examples

-- ウェアハウス別の日次クレジット消費
SELECT
  start_time::DATE AS usage_date,
  warehouse_name,
  SUM(credits_used) AS total_credits
FROM SNOWFLAKE.ACCOUNT_USAGE.WAREHOUSE_METERING_HISTORY
WHERE start_time >= DATEADD(MONTH, -1, CURRENT_TIMESTAMP())
GROUP BY 1, 2
ORDER BY total_credits DESC;

Privilege Auditing

-- 過去30日間の権限変更履歴
SELECT
  created_on,
  privilege,
  granted_on,
  name AS object_name,
  granted_to,
  grantee_name,
  granted_by
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
WHERE created_on >= DATEADD(DAY, -30, CURRENT_TIMESTAMP())
  AND deleted_on IS NULL
ORDER BY created_on DESC;

Operational Best Practices

  • Create a dedicated monitoring role and grant IMPORTED PRIVILEGES: avoid overusing ACCOUNTADMIN and stay aligned with the principle of least privilege.
  • Use INFORMATION_SCHEMA for real-time, ACCOUNT_USAGE for long-term analysis: reach for INFORMATION_SCHEMA table functions when latency is unacceptable (e.g. alerting), and lean on ACCOUNT_USAGE's 365-day window for trend analysis.
  • Automate scheduled reports with Dynamic Tables or Tasks: declare aggregations of QUERY_HISTORY and WAREHOUSE_METERING_HISTORY as Dynamic Tables, then surface them in Snowsight dashboards.
  • Manage multi-account cost with ORGANIZATION_USAGE: organizations running multiple accounts should consolidate credit consumption through ORGANIZATION_USAGE and generate chargeback reports from it.

Check Your Understanding

Security & Governance

問題 1

A security team wants to analyze 90 days of failed login history to detect signs of unauthorized access. Using the INFORMATION_SCHEMA.LOGIN_HISTORY() table function, they could not retrieve data older than 14 days. Which is the most appropriate response?

  1. Set DATA_RETENTION_TIME_IN_DAYS on INFORMATION_SCHEMA to 90 days
  2. Switch to the SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view to retrieve the last 90 days of data
  3. Use Time Travel to query a past snapshot of INFORMATION_SCHEMA
  4. Manually export a CSV from the Snowsight activity log

正解: B

INFORMATION_SCHEMA table functions are limited to 7-14 days of retention, so 90-day-old data cannot be retrieved. The SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view retains 365 days of history and easily covers a 90-day analysis. Option A's DATA_RETENTION_TIME_IN_DAYS is a Time Travel parameter and does not affect INFORMATION_SCHEMA retention. Option C is invalid because Time Travel does not apply to INFORMATION_SCHEMA.

Frequently Asked Questions

Why is ACCOUNT_USAGE data delayed?

Views in the ACCOUNT_USAGE schema are aggregated and optimized in the Cloud Services Layer before being written to the SNOWFLAKE shared database, which introduces a delay of up to 45 minutes to 2 hours (depending on the view) from the actual event. For example, QUERY_HISTORY has up to 45 minutes of latency, LOGIN_HISTORY up to 2 hours, and STORAGE_USAGE up to 3 hours. If you need near-real-time information, use the INFORMATION_SCHEMA table functions — but note that INFORMATION_SCHEMA retention is limited to 7-14 days.

Which role is required to access ACCOUNT_USAGE?

By default, only the ACCOUNTADMIN role can access the SNOWFLAKE.ACCOUNT_USAGE schema. To grant access to another role, run GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE <role_name> as ACCOUNTADMIN. For security reasons, the recommended pattern is to create a dedicated monitoring role with access to only the required views, rather than handing out ACCOUNTADMIN to every user.

What is the difference between ORGANIZATION_USAGE and ACCOUNT_USAGE?

ACCOUNT_USAGE exposes metadata and usage history for a single account, while ORGANIZATION_USAGE aggregates usage across every account in an Organization. ORGANIZATION_USAGE includes views such as USAGE_IN_CURRENCY_DAILY (daily spend in currency) and WAREHOUSE_METERING_HISTORY (warehouse credits across all accounts), and is used for organization-wide cost management and chargeback. It is accessible only with the ORGADMIN role.

Check what you learned with practice questions

Practice with certification-focused question sets

無料で問題を解いてみる
Author

NicheeLab Editorial Team

NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.


Related articles
Snowflake

Snowflake Certifications: All 11 Exams Explained (2026)

Every SnowPro certification — Associate, Core, Specialty, Ad...

Snowflake

Snowflake Exam Difficulty Ranking: All 11 Certs Compared (2026)

All 11 SnowPro exams ranked by difficulty with study-time es...

Snowflake

Snowflake Study Guide: Fastest Pass Route by Exam (2026)

How to pass SnowPro certifications efficiently — official ma...

Snowflake

SnowPro Core (COF-C03): Complete Exam Guide (2026)

Pass the SnowPro Core exam — six domains, scope, sample ques...

Snowflake

SnowPro Associate Platform (SOL-C01): Complete Guide (2026)

The entry-level SnowPro Associate exam — scope, weighting, s...

Browse all Snowflake articles (103)
© 2026 NicheeLab All rights reserved.