What ensures that a user with the role SECURITYADMIN can activate a network policy for an individual user?
What ensures that a user with the role SECURITYADMIN can activate a network policy for an individual user?
In order for a user with the role SECURITYADMIN to activate a network policy for an individual user, the SECURITYADMIN must have ownership privileges on both the user and the network policy. Ownership on both ensures that necessary permissions are in place to manage and activate network policies specifically for that user.
The answers is D https://docs.snowflake.com/en/user-guide/network-policies Check It in chapter Activating Network Policies for Individual Users
Answer is D. Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
The correct answer is D. Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user. https://docs.snowflake.com/en/user-guide/network-policies#activating-network-policies-for-individual-users
D https://docs.snowflake.com/en/user-guide/network-policies#activating-network-policies-for-individual-users:~:text=Only%20the%20role%20with%20the%20OWNERSHIP%20privilege%20on%20both%20the%20user%20and%20the%20network%20policy%2C%20or%20a%20higher%20role%2C%20can%20activate%20a%20network%20policy%20for%20an%20individual%20user
https://docs.snowflake.com/en/user-guide/network-policies#:~:text=Only%20the%20role%20with%20the%20OWNERSHIP%20privilege%20on%20both%20the%20user%20and%20the%20network%20policy%2C%20or%20a%20higher%20role%2C%20can%20activate%20a%20network%20policy%20for%20an%20individual%20user.
Only security administrators (i.e. users with the SECURITYADMIN role) or higher or a role with the global CREATE NETWORK POLICY privilege can create network policies. Ownership of a network policy can be transferred to another role. Click Admin » Security » Network Policies.
D Activate network policies for individual users Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user. Option B is not correct. This option applies to creating a network policy for an account. https://docs.snowflake.com/en/user-guide/network-policies#activating-a-network-policy
D. Ownership privilege on both the user and the network policy In Snowflake, to activate a network policy for an individual user, the user with the SECURITYADMIN role needs ownership privileges on both the user account and the network policy. This ensures the necessary permissions to manage and activate network policies for specific users.
C is the answer. Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user. Here key is the "or a higher role". Security admin is higher role to relevant user so direct ownership of user is not required but the network policy is required.
It is recommended but not guaranteed that SECURITYADMIN is always owner of a role. ACCOUNTADMIN, for example, can create a custom role as a high level (parallel with SECURITYADMIN) admin and can give a global CREATE ROLE privilege according to organization's needs. In this case only OWNERSHIP privilege of SECURITYADMIN cannot ensure to attach the policy to the user (which created by either ACCOUNTADMIN or a role for which SECURITYADMIN is not a higher role)
Answer is D verified
https://docs.snowflake.com/en/user-guide/network-policies#activating-network-policies-for-individual-users
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user. https://docs.snowflake.com/en/user-guide/network-policies
You can't have one ownership on users. Answer is B.
Answer is B. Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
Exactly -> B
Sorry, D !!