snowflake_account_grantsnowflake_account_parametersnowflake_databasesnowflake_database_grantsnowflake_login_historysnowflake_network_policysnowflake_resource_monitorsnowflake_rolesnowflake_role_grantsnowflake_schematasnowflake_sessionsnowflake_session_policysnowflake_usersnowflake_user_grantsnowflake_viewsnowflake_view_grantsnowflake_warehousesnowflake_warehouse_metering_history
Table: snowflake_user
A user is an identity recognized by Snowflake and can be associated with a person or program.
Note: This table can only be queried by users with a role that has the MANAGE GRANTS global privilege. This privilege is usually granted to the ACCOUNTADMIN and SECURITYADMIN roles.
Examples
Basic info
select name, login_name, disabled, default_role, default_warehouse, has_password, has_rsa_public_key, last_success_loginfrom snowflake_user;List users that have passwords
select name, login_name, disabled, default_role, default_warehousefrom snowflake_userwhere has_password;List users whose passwords haven't been rotated in 90 days
select name, login_name, disabled, default_role, default_warehouse, has_password, password_last_set_time :: timestampfrom snowflake_userwhere has_password and password_last_set_time :: timestamp < now() - interval '90 days';List users using keypair authentication
select name, login_name, disabled, rsa_public_key, rsa_public_key_fp, rsa_public_key_2, rsa_public_key_2_fpfrom snowflake_userwhere has_rsa_public_key;List users that have not logged in for 30 days
select name, email, disabled, last_success_loginfrom snowflake_userwhere last_success_login is null or (last_success_login < now() - interval '30 days');.inspect snowflake_user
A user identity recognized by Snowflake, whether associated with a person or program.
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| account | text | The Snowflake account ID. |
| comment | text | Comment associated to user in the dictionary. |
| created_on | timestamp with time zone | Timestamp when the user was created. |
| custom_landing_page_url | text | Snowflake Support is allowed to use the user or account. |
| custom_landing_page_url_flush_next_ui_load | boolean | The timestamp on which the last non-null password was set for the user. Default to null if no password has been set yet. |
| days_to_expiry | text | User record will be treated as expired after specified number of days. |
| default_namespace | text | Default database namespace prefix for this user. |
| default_role | text | Primary principal of user session will be set to this role. |
| default_secondary_roles | text | The secondary roles will be set to all roles provided here. |
| default_warehouse | text | Default warehouse for this user. |
| disabled | text | Whether the user is disabled. |
| display_name | text | Display name of the user. |
| text | Email address of the user | |
| expires_at_time | timestamp with time zone | The date and time when the user's status is set to EXPIRED and the user can no longer log in. |
| ext_authn_duo | boolean | Whether Duo Security is enabled as second factor authentication. |
| ext_authn_uid | text | External authentication ID of the user. |
| first_name | text | First name of the user. |
| has_password | boolean | Whether the user has password. |
| has_rsa_public_key | boolean | Whether the user has RSA public key. |
| last_name | text | Last name of the user. |
| last_success_login | timestamp with time zone | Date and time when the user last logged in to the Snowflake. |
| locked_until_time | timestamp with time zone | Specifies the number of minutes until the temporary lock on the user login is cleared. |
| login_name | text | Login name of the user. |
| mins_to_bypass_mfa | text | Temporary bypass MFA for the user for a specified number of minutes. |
| mins_to_bypass_network_policy | text | Temporary bypass network policy on the user for a specified number of minutes. |
| mins_to_unlock | text | Temporary lock on the user will be removed after specified number of minutes. |
| must_change_password | text | User must change the password. |
| name | text | Name of the snowflake user. |
| owner | text | Owner of the user in Snowflake. |
| password_last_set_time | text | The timestamp on which the last non-null password was set for the user. Default to null if no password has been set yet. |
| region | text | The Snowflake region in which the account is located. |
| rsa_public_key | text | RSA public key of the user. |
| rsa_public_key_2 | text | Second RSA public key of the user. |
| rsa_public_key_2_fp | text | Fingerprint of user's second RSA public key. |
| rsa_public_key_fp | text | Fingerprint of user's RSA public key. |
| snowflake_lock | text | Whether the user or account is locked by Snowflake. |
| snowflake_support | text | Snowflake Support is allowed to use the user or account. |