A user wants to add additional privileges to the system-defined roles for their virtual warehouse.
How does Snowflake recommend they accomplish this?
A user wants to add additional privileges to the system-defined roles for their virtual warehouse.
How does Snowflake recommend they accomplish this?
Snowflake recommends granting additional privileges to a custom role instead of modifying system-defined roles. System-defined roles are preconfigured with specific privileges related to account-management and should be used as-is to avoid unexpected behavior and security risks. Creating custom roles for additional privileges allows for better management, flexibility, and control over the Snowflake environment.
Q: ... to the system-defined roles ... A - is not a system-defined, otherwise would be added: "and grant this user role to SYSADMIN."
Although additional privileges can be granted to the system-defined roles, it is not recommended. System-defined roles are created with privileges related to account-management. As a best practice, it is not recommended to mix account-management privileges and entity-specific privileges in the same role. If additional privileges are needed, Snowflake recommends granting the additional privileges to a custom role and assigning the custom role to the system-defined role. Documented.. don't spam vote wrong answers
Check this: https://docs.snowflake.com/en/user-guide/security-access-control-configure#:~:text=The%20following%20diagram%20shows%20an%20example%20role%20hierarchy%20and%20the%20privileges%20granted%20to%20each%20role%3A Clearly shows that procedure of adding additional privileges to the system-defined roles is by granting the additional privileges to a custom role which is than assigned to SYSADMIN role. And we know that Snowflake recomends assigning custom roles to SYSADMIN role - which is what this trick questions is all about.
Although additional privileges can be granted to the system-defined roles, it is not recommended. If additional privileges are needed, Snowflake recommends granting the additional privileges to a custom role and assigning the custom role to the system-defined role.
A. Although additional privileges can be granted to the system-defined roles, it is not recommended. System-defined roles are created with privileges related to account-management. As a best practice, it is not recommended to mix account-management privileges and entity-specific privileges in the same role. If additional privileges are needed, Snowflake recommends granting the additional privileges to a custom role and assigning the custom role to the system-defined role. https://docs.snowflake.com/en/user-guide/security-access-control-overview
A - It is not recommended to use system roles for customer privileges.
correct
use custom role. Custom roles should be attached to SYSADMIN. this way additional privilege can be granted to system defined roles
Snowflake recommends that a user should grant the additional privileges to a custom role, instead of modifying the system-defined roles for their virtual warehouse. System-defined roles are preconfigured roles provided by Snowflake, which are intended to be used as-is. Modifying the privileges of these roles can cause unexpected behavior and can impact the security of your Snowflake environment. Additionally, system-defined roles cannot be deleted or modified, which means that any changes you make to these roles will be permanent and cannot be undone. Instead, Snowflake recommends that you create custom roles and grant the necessary privileges to those roles. This approach allows you to grant precise privileges to users, while maintaining the security and integrity of your Snowflake environment. You can also modify and delete custom roles as needed, providing greater flexibility and control over your Snowflake environment.
Although additional privileges can be granted to the system-defined roles, it is not recommended. System-defined roles are created with privileges related to account-management. As a best practice, it is not recommended to mix account-management privileges and entity-specific privileges in the same role. If additional privileges are needed, Snowflake recommends granting the additional privileges to a custom role and assigning the custom role to the system-defined role.
Custom role is not system defined, hence it is only SYSADMIN
A is not about system defined roles... I asked chat gpt In Snowflake, it is generally not recommended to add additional privileges to the system-defined roles because doing so can potentially compromise the security and integrity of the system. Instead, it is recommended to create custom roles and grant specific privileges to those roles as needed. However, if you do need to add additional privileges to a system-defined role, the recommended way to do so is by using the "GRANT" statement. For example, to add the "CREATE TABLE" privilege to the "SYSADMIN" role, you can....
Chat gpt is nice but never trust it 100%! Also it has info up until 2021 and Snowflake release update every week as far as I remember so be more cautious about your search :)
The premium version of chatGPT can access web content and is therefore not restricted by 2021 data cut off.
https://docs.snowflake.com/en/user-guide/security-access-control-overview