According to Snowflake best practice recommendations, which system-defined roles should be used to create custom roles? (Choose two.)
According to Snowflake best practice recommendations, which system-defined roles should be used to create custom roles? (Choose two.)
According to Snowflake best practice recommendations, the SECURITYADMIN and USERADMIN system-defined roles should be used to create custom roles. The SECURITYADMIN role is responsible for managing security-related tasks, including creating and managing roles. The USERADMIN role is responsible for managing users and roles, which includes the capability to create custom roles.
https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#system-defined-roles
https://docs.snowflake.com/en/user-guide/security-access-control-configure#label-security-custom-role
SYSADMIN can not define users or roles
Sorry changing the option after reading the question multiple times got the flavour it is asking system defined role who can create custom roles in that case it is USERADMIN or higher so right option is SECURITYADMIN or USERADMIN
Don't spam wrong answers - see the diagram and docs before voting
https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#custom-roles
Custom account roles can be created using the USERADMIN role (or a higher role)
Answer -- CD
Question 461 is also referring the same and i see the answer you provided there is SYSADMIN. Can you please confirm
show this picture https://docs.snowflake.com/ko/user-guide/security-access-control-overview#role-hierarchy-and-privilege-inheritance
I would go for Accountadmin and SYSadmin as per https://docs.snowflake.com/en/user-guide/security-access-control-configure#label-security-custom-role
AccountAdmin & SysAdmin
SysAdmin : Does not have the power to create a Custom Role. A Custom Role can be assigned with SysAdmin Privilege but, it cannot create a Role. Security Admin and UserAdmin can create, Manage Users and Roles. Its not a good practice to use the AccountAdmin to create the Roles. Though it can be created, the role should be assigned to SysAdmin. https://www.chaosgenius.io/blog/snowflake-roles-access-control/#:~:text=SECURITYADMIN%20(Security%20Administrator)%3A&text=It%20has%20the%20ability%20to%20create%2C%20monitor%2C%20and%20manage%20users,via%20the%20system%20role%20hierarchy.
https://www.bing.com/search?q=According+to+Snowflake+best+practice+recommendations%2C+which+system-defined+roles+should+be+used+to+create+custom+roles%3F&cvid=878ab2eb3e7a4c1eb414d5f94dfd4759&aqs=edge..69i57j69i11004.1528j0j9&FORM=ANAB01&PC=U531
CD is correct answer
Answer
https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#system-defined-roles
Question 461 is also referring the same and i see the answer you provided there is SYSADMIN. Can you please confirm
SYSADMIN role should be granted to custom roles after their creation. Custom account roles can be created using the USERADMIN role (or a higher role).