Which of the following roles is recommended to be used to create and manage users and roles?
Which of the following roles is recommended to be used to create and manage users and roles?
The SECURITYADMIN role is designed specifically to handle security-related tasks, including the creation and management of users and roles. This role has the necessary privileges to manage all aspects of user and role administration, making it the recommended choice for these tasks. This aligns with the principle of least privilege, ensuring that higher-level administrative privileges are not unnecessarily granted.
I think the answer to this should be USERADMIN which is not in the options. So the next best answer will be SECURITYADMIN
Here the answer should be SECURITYADMIN as it is parent of USERADMIN (which is the correct answer) More details: https://docs.snowflake.com/en/user-guide/security-access-control-considerations Attention By default, when your account is provisioned, the first user is assigned the ACCOUNTADMIN role. This user should then create one or more additional users who are assigned the USERADMIN role. All remaining users should be created by the user(s) with the USERADMIN role or another role that is granted the global CREATE USER privilege.
the best answer is : USERADMIN The user administrator (USERADMIN) role includes the privileges to create and manage users and roles. The USERADMIN role is a child of thishttps://docs.snowflake.com/en/user-guide/security-access-control-considerations role in the default access control hierarchy.
Being as they're mentioning the default roles, the "recommended" account out of the box should be SECURITYADMIN. Can you use ACCOUNTADMIN - Yes, but it's not the recommended practice at this point based on the question.
In Snowflake, the recommended role to create and manage users and roles is the ACCOUNTADMIN role. The ACCOUNTADMIN role is a built-in, superuser role that has full administrative privileges and can perform all administrative tasks within a Snowflake account. Users assigned the ACCOUNTADMIN role have the ability to create, modify, and delete users and roles. They can also grant and revoke privileges, create and manage warehouses, databases, and schemas, and perform other administrative functions within the account.
No, because this would violate the principle of least privilege. The right answer should be USERADMIN, so the next best choice here is SECURITYADMIN. From the docs: "The user administrator (USERADMIN) role includes the privileges to create and manage users and roles (assuming ownership of those roles or users has not been transferred to another role)." https://docs.snowflak e.com/en/user-guide/security-access-control-considerations#using-the-accountadmin-role
B.Securityadmin
correct answer:B
B. SECURITYADMIN The SECURITYADMIN role is specifically designed to handle security-related tasks, including the creation and management of users and roles. This role has the necessary privileges to manage all aspects of user and role administration, which is essential for maintaining a secure and well-managed Snowflake environment.
Security admin: creates and manges users and roles, and manages grants
Answer B
B. SECURITYADMIN
Answer B
voted B, parent of USERADMIN
SECURITYADMIN, parent of USERADMIN
SECURITY ADMIN
The security administrator (i.e users with the SECURITYADMIN system role) role includes the global MANAGE GRANTS privilege to grant or revoke privileges on objects in the account. The USERADMIN role is a child of this role in the default access control hierarchy.
Correct answer is SECURITY ADMIN, whose aim is create, monitor, and manage users and roles. The ACCOUNTADMIN can also do this but is very powerful and should not be assigned for everyone. It should be granted only to a limited/controlled number of users in the account. Check the source: https://docs.snowflake.com/en/user-guide/security-access-control-overview