SNOWFLAKE.ACCOUNT_USAGE is a schema inside the Snowflake-provided shared SNOWFLAKE database that retains every kind of metadata, usage history, and audit log within your account for up to 365 days. It centralizes information that is essential for operational monitoring and governance — query history, login history, storage usage, credit consumption, access auditing, and more.
| View | Description | Retention | Latency |
|---|---|---|---|
| QUERY_HISTORY | Execution history of every query (SQL text, runtime, bytes, etc.) | 365 days | Up to 45 min |
| LOGIN_HISTORY | Login attempt records (success/failure, IP, client) | 365 days | Up to 2 hr |
| STORAGE_USAGE | Daily storage usage (Active / Time Travel / Fail-safe) | 365 days | Up to 3 hr |
| WAREHOUSE_METERING_HISTORY | Warehouse credit consumption history | 365 days | Up to 3 hr |
| ACCESS_HISTORY | Column-level data access auditing | 365 days | Up to 3 hr |
| TABLES | Metadata for all tables (row count, size, clustering, etc.) | 365 days after drop | Up to 3 hr |
| COLUMNS | Column definition information for every column | 365 days after drop | Up to 2 hr |
| GRANTS_TO_ROLES | History of privileges granted to roles | 365 days | Up to 2 hr |
| GRANTS_TO_USERS | History of roles granted to users | 365 days | Up to 2 hr |
| DATA_TRANSFER_HISTORY | Cross-region data transfer history | 365 days | Up to 2 hr |
| Aspect | ACCOUNT_USAGE | INFORMATION_SCHEMA |
|---|---|---|
| Data source | SNOWFLAKE shared database | Schema inside each database |
| Retention | 365 days (1 year) | 7-14 days (varies by table function) |
| Data latency | 45 min - 3 hr | None (real-time) |
| Scope | Entire account | Containing database only |
| Dropped objects | Included (for 365 days) | Not included |
| Required privilege | IMPORTED PRIVILEGES on SNOWFLAKE DB | Privilege on the target object |
| Access pattern | Plain SELECT (regular views) | Table functions (TABLE() syntax) |
-- ACCOUNTADMINで監視用ロールにアクセスを許可
USE ROLE ACCOUNTADMIN;
CREATE ROLE IF NOT EXISTS monitoring_role;
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE
TO ROLE monitoring_role;
-- 監視担当ユーザーにロールを付与
GRANT ROLE monitoring_role TO USER monitoring_user;-- 過去7日間で最もコストの高いクエリ TOP 20
SELECT
query_id,
user_name,
warehouse_name,
warehouse_size,
execution_time / 1000 AS exec_sec,
bytes_scanned / POWER(1024, 3) AS gb_scanned,
partitions_scanned,
partitions_total,
ROUND(partitions_scanned / NULLIF(partitions_total, 0) * 100, 1) AS scan_pct,
query_text
FROM SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
WHERE start_time >= DATEADD(DAY, -7, CURRENT_TIMESTAMP())
AND execution_status = 'SUCCESS'
AND warehouse_name IS NOT NULL
ORDER BY execution_time DESC
LIMIT 20;
-- ユーザー別クエリ実行統計
SELECT
user_name,
COUNT(*) AS total_queries,
AVG(execution_time) / 1000 AS avg_exec_sec,
SUM(bytes_scanned) / POWER(1024, 4) AS tb_scanned,
SUM(credits_used_cloud_services) AS cloud_credits
FROM SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
WHERE start_time >= DATEADD(DAY, -30, CURRENT_TIMESTAMP())
GROUP BY user_name
ORDER BY total_queries DESC;-- ログイン失敗の検出(不正アクセスの兆候)
SELECT
user_name,
client_ip,
reported_client_type,
error_code,
error_message,
event_timestamp
FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
WHERE is_success = 'NO'
AND event_timestamp >= DATEADD(DAY, -7, CURRENT_TIMESTAMP())
ORDER BY event_timestamp DESC;
-- ユーザー別ログインパターン分析
SELECT
user_name,
COUNT_IF(is_success = 'YES') AS success_count,
COUNT_IF(is_success = 'NO') AS fail_count,
COUNT(DISTINCT client_ip) AS distinct_ips,
LISTAGG(DISTINCT reported_client_type, ', ') AS client_types
FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
WHERE event_timestamp >= DATEADD(DAY, -30, CURRENT_TIMESTAMP())
GROUP BY user_name
HAVING fail_count > 5
ORDER BY fail_count DESC;-- ストレージ使用量の推移(日次)
SELECT
usage_date,
ROUND(storage_bytes / POWER(1024, 4), 2) AS active_tb,
ROUND(failsafe_bytes / POWER(1024, 4), 2) AS failsafe_tb,
ROUND(stage_bytes / POWER(1024, 4), 2) AS stage_tb
FROM SNOWFLAKE.ACCOUNT_USAGE.STORAGE_USAGE
WHERE usage_date >= DATEADD(MONTH, -3, CURRENT_DATE())
ORDER BY usage_date;-- ウェアハウス別の日次クレジット消費
SELECT
start_time::DATE AS usage_date,
warehouse_name,
SUM(credits_used) AS total_credits
FROM SNOWFLAKE.ACCOUNT_USAGE.WAREHOUSE_METERING_HISTORY
WHERE start_time >= DATEADD(MONTH, -1, CURRENT_TIMESTAMP())
GROUP BY 1, 2
ORDER BY total_credits DESC;-- 過去30日間の権限変更履歴
SELECT
created_on,
privilege,
granted_on,
name AS object_name,
granted_to,
grantee_name,
granted_by
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
WHERE created_on >= DATEADD(DAY, -30, CURRENT_TIMESTAMP())
AND deleted_on IS NULL
ORDER BY created_on DESC;Security & Governance
問題 1
A security team wants to analyze 90 days of failed login history to detect signs of unauthorized access. Using the INFORMATION_SCHEMA.LOGIN_HISTORY() table function, they could not retrieve data older than 14 days. Which is the most appropriate response?
正解: B
INFORMATION_SCHEMA table functions are limited to 7-14 days of retention, so 90-day-old data cannot be retrieved. The SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view retains 365 days of history and easily covers a 90-day analysis. Option A's DATA_RETENTION_TIME_IN_DAYS is a Time Travel parameter and does not affect INFORMATION_SCHEMA retention. Option C is invalid because Time Travel does not apply to INFORMATION_SCHEMA.
Why is ACCOUNT_USAGE data delayed?
Views in the ACCOUNT_USAGE schema are aggregated and optimized in the Cloud Services Layer before being written to the SNOWFLAKE shared database, which introduces a delay of up to 45 minutes to 2 hours (depending on the view) from the actual event. For example, QUERY_HISTORY has up to 45 minutes of latency, LOGIN_HISTORY up to 2 hours, and STORAGE_USAGE up to 3 hours. If you need near-real-time information, use the INFORMATION_SCHEMA table functions — but note that INFORMATION_SCHEMA retention is limited to 7-14 days.
Which role is required to access ACCOUNT_USAGE?
By default, only the ACCOUNTADMIN role can access the SNOWFLAKE.ACCOUNT_USAGE schema. To grant access to another role, run GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE <role_name> as ACCOUNTADMIN. For security reasons, the recommended pattern is to create a dedicated monitoring role with access to only the required views, rather than handing out ACCOUNTADMIN to every user.
What is the difference between ORGANIZATION_USAGE and ACCOUNT_USAGE?
ACCOUNT_USAGE exposes metadata and usage history for a single account, while ORGANIZATION_USAGE aggregates usage across every account in an Organization. ORGANIZATION_USAGE includes views such as USAGE_IN_CURRENCY_DAILY (daily spend in currency) and WAREHOUSE_METERING_HISTORY (warehouse credits across all accounts), and is used for organization-wide cost management and chargeback. It is accessible only with the ORGADMIN role.
Practice with certification-focused question sets
無料で問題を解いてみるNicheeLab Editorial Team
NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.
Snowflake Certifications: All 11 Exams Explained (2026)
Every SnowPro certification — Associate, Core, Specialty, Ad...
Snowflake Exam Difficulty Ranking: All 11 Certs Compared (2026)
All 11 SnowPro exams ranked by difficulty with study-time es...
Snowflake Study Guide: Fastest Pass Route by Exam (2026)
How to pass SnowPro certifications efficiently — official ma...
SnowPro Core (COF-C03): Complete Exam Guide (2026)
Pass the SnowPro Core exam — six domains, scope, sample ques...
SnowPro Associate Platform (SOL-C01): Complete Guide (2026)
The entry-level SnowPro Associate exam — scope, weighting, s...