Exam SnowPro Core All QuestionsBrowse all questions from this exam
Go to Exam
Question 128

True or False: When you create a custom role, it is a best practice to immediately grant that role to ACCOUNTADMIN.

    Correct Answer: B

    When you create a custom role, it is not necessarily a best practice to immediately grant that role to the ACCOUNTADMIN. Instead, it is generally recommended to create a hierarchy of roles where custom roles are granted to the SYSADMIN role, which is already managed by the ACCOUNTADMIN role. This practice aligns with ensuring proper role hierarchy and management within the system, maintaining security and operational efficiency.

Discussion
addixionOption: B

100% false. SYSADMIN should immediately be granted the role, then ACCOUNTADMIN will automatically have the grant through SYSADMIN.

rogerek077Option: B

https://docs.snowflake.com/en/user-guide/security-access-control-overview#roles "When creating roles that will serve as the owners of securable objects in the system, Snowflake recommends creating a hierarchy of custom roles, with the top-most custom role assigned to the system role SYSADMIN." B is correct according to that article

panksooOption: A

https://docs.snowflake.com/en/user-guide/security-access-control-considerations Important: By default, not even the ACCOUNTADMIN role can modify or drop objects created by a custom role. The custom role must be granted to the ACCOUNTADMIN role directly or, preferably, to another role in a hierarchy with the SYSADMIN role as the parent. The SYSADMIN role is managed by the ACCOUNTADMIN role.

NEMMELA

correct A

ShagunMittalOption: B

keyword in the question is "immediately" and that makes the correct answer as False. Granting custom role to ACCOUNTADMIN is not the only option. It can be assigned to role hierarchy with SYSADMIN as parent also

GRKaushalOption: B

We don't have to granted the role to Accountadmin Its automatically have throught the SysADMIN role

KarBiswaOption: A

The custom role must be granted to the ACCOUNTADMIN role directly or, preferably, to another role in a hierarchy with the SYSADMIN role as the parent.

CasualOption: B

B is correct

grabcOption: B

FALSE, Should be assigned to SYSADMIN role

Mallikharjuna452Option: B

B.False

_yyuktaOption: B

B. False

chizoOption: A

True ans A Important By default, not even the ACCOUNTADMIN role can modify or drop objects created by a custom role. The custom role must be granted to the ACCOUNTADMIN role directly or, preferably, to another role in a hierarchy with the SYSADMIN role as the parent. The SYSADMIN role is managed by the ACCOUNTADMIN role.

ShagunMittalOption: A

Best practice is to assign it to ACCOUNTADMIN;

c0d3gOption: A

By default, not even the ACCOUNTADMIN role can modify or drop objects created by a custom role. The custom role must be granted to the ACCOUNTADMIN role directly or, preferably, to another role in a hierarchy with the SYSADMIN role as the parent. The SYSADMIN role is managed by the ACCOUNTADMIN role. https://docs.snowflake.com/en/user-guide/security-access-control-considerations#managing-custom-roles Even it is mentioned preferably SYSADMIN, the idea is to grant custom role to ACCOUNTADMIN.

William_20Option: A

According to the docs: Accountadmin. https://docs.snowflake.com/en/user-guide/security-access-control-considerations.html#managing-custom-roles

William_20

Sorry, should be B: False. It states "preferably, to another role in a hierarchy with the SYSADMIN role as the parent.". Can't remove my previous comment and vote ...

grabcOption: B

The best practice is to assign it to SYSADMIN role, B is correct

arpit_dataguyOption: A

It is TRUE.

Sid460545Option: A

It is TRUE