SnowPro Advanced Architect Exam

Exam SnowPro Advanced Architect All QuestionsBrowse all questions from this exam

Question 98

What is a characteristic of Role-Based Access Control (RBAC) as used in Snowflake?

Privileges can be granted at the database level and can be inherited by all underlying objects.

A user can use a "super-user" access along with SECURITYADMIN to bypass authorization checks and access all databases, schemas, and underlying objects.

A user can create managed access schemas to support future grants and ensure only schema owners can grant privileges to other roles.

A user can create managed access schemas to support current and future grants and ensure only object owners can grant privileges to other roles.

Correct Answer: D

In Role-Based Access Control (RBAC) as used in Snowflake, managed access schemas allow for the management of both current and future grants. Crucially, only the schema owner or a role with the MANAGE GRANTS privilege can grant privileges to other roles, removing the ability from individual object owners and centralizing privilege management. This ensures a controlled and consistent application of access controls across the system.

Discussion

Atomic_GeckoOption: D

D is correct: With managed access schemas, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema, including future grants, centralizing privilege management.

Atomic_Gecko

Changing to C, as Object owners can't grant access