Snowflake self-service accounts management using ORGADMIN
Large enterprises often have separate data warehouses for different accounts of the same business entity. There may be many different reasons, including:
- Having several autonomous business units within the organization
- Compliance requirements to separate some of the data from the rest (for example: having a dedicated data warehouse for EU subjects)
- M&A leftovers in which separate data warehouses are still needed for merged business units.
Whatever the reason is, it leads to an organization with several different Snowflake accounts.
Better Manageability
Recently, Snowflake simplified the way you can manage multiple Snowflake accounts of the same organization. Currently this is a preview feature, so you need to ask Snowflake to enable it for your account. This is part of several recent enhancements added by Snowflake to help simplify the management of the data cloud.
ORGADMINing Your Accounts
The new ORGADMIN role allows an organization to do a self-service accounts setup (installation and modification). When you’re using the ORGADMIN role, you can run commands such as SHOW ORGANIZATION ACCOUNTS to show the currently available accounts in the organization, change configuration attributes, or even create a new account, for example:
ACME corporation needs a second staging environment for their dataops activities, and instead of wasting time, they go to their head of DataOps, who is the organization’s Snowflake ORGADMIN, who has the superpowers of setting up new accounts for ACME corp. The head of DataOps (in other organizations it can be other functions such as data engineering) runs the following command:
CREATE ACCOUNT stage2
ADMIN_NAME = stageadmin
ADMIN_PASSWORD = ‘Aa123456’ /* not this password :) */
FIRST_NAME = stage
LAST_NAME = admin
MUST_CHANGE_PASSWORD = TRUE
EMAIL = ‘dataops@acme.corp’
EDITION = standard
REGION = aws_us_east_1;The accounts are set in the following format:
https://<ORGNAME>-<ACCOUNTNAME>.snowflakecomputing.comNote: if you are using Satori for your Snowflake security, Snowflake auditing and monitoring or Snowflake data inventory, your hostname for each account will be displayed in Satori management consoles, under “data stores” (each account is a separate data store).
Or in our example:
https://acme-stage2.snowflakecomputing.comWhat’s Next
I think that in the near future we will see additional enhancements from Snowflake, as well as other players in the cloud data space around allowing more self-service to their customers. I think that self-service, which became very common in applications management, will be much stronger in self-service of data management, and self-service data access.
