What is a best practice after creating a custom role?
What is a best practice after creating a custom role?
After creating a custom role, a best practice is to assign the custom role to the SYSADMIN role. This ensures a hierarchical structure where the SYSADMIN role, which has the necessary privileges for managing warehouses and databases, can oversee the custom role and its granted privileges. This practice supports effective access control and privilege management within the system.
answer is B Custom roles (i.e. any roles other than the system-defined roles) can be created by the USERADMIN role (or a higher role) as well as by any role to which the CREATE ROLE privilege has been granted. By default, a newly-created role is not assigned to any user, nor granted to any other role. When creating roles that will serve as the owners of securable objects in the system, Snowflake recommends creating a hierarchy of custom roles, with the top-most custom role assigned to the system role SYSADMIN.
https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#role-hierarchy-and-privilege-inheritance https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#role-hierarchy-and-privilege-inheritance
B. Assign the custom role to the SYSADMIN role.
B. Assign the custom role to the SYSADMIN role.
SYSADMIN (aka System Administrator) Role that has privileges to create warehouses and databases (and other objects) in an account. If, as recommended, you create a role hierarchy that ultimately assigns all custom roles to the SYSADMIN role, this role also has the ability to grant privileges on warehouses, databases, and other objects to other roles.
B is the right answer
Correct
Answer A https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#
Sorry, correct answer is B