As a best practice, all custom roles should be granted to which system-defined role?
As a best practice, all custom roles should be granted to which system-defined role?
As a best practice, all custom roles should be granted to the SYSADMIN system-defined role. The SYSADMIN role has the ability to create warehouses, databases, and other objects in an account. By assigning custom roles to the SYSADMIN role, it ensures that SYSADMIN can also grant privileges on these objects to other roles, aligning with the recommended hierarchical role structure in Snowflake.
D--Sysadmin Role that has privileges to create warehouses and databases (and other objects) in an account. If, as recommended, you create a role hierarchy that ultimately assigns all custom roles to the SYSADMIN role, this role also has the ability to grant privileges on warehouses, databases, and other objects to other roles.
D https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#:~:text=with%20the%20top%2Dmost%20custom%20role%20assigned%20to%20the%20system%20role%20SYSADMIN
https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#system-defined-roles
Verified
https://docs.snowflake.com/en/user-guide/security-access-control-overview
D - SYSADMIN