What privilege should a user be granted to change permissions for new objects in a managed access schema?
What privilege should a user be granted to change permissions for new objects in a managed access schema?
Granting the OWNERSHIP privilege on the schema is the appropriate permission for a user to change permissions for new objects in a managed access schema. In managed access schemas, the schema owner, who holds the OWNERSHIP privilege on the schema, is responsible for managing all privilege decisions, including future grants on objects within the schema. This centralizes the privilege management process, ensuring that only the schema owner can make these modifications.
It should be A because as both a & c answer are correct, the 'minimum' impacting option is Ownership
Question itself is wrong, privileges are always granted to role, not to users. Users are always granted with roles
Answer -- A With managed access schemas, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema, including future grants, centralizing privilege management.
so C is also correct?
With managed access schemas, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema, including future grants, centralizing privilege management.
A is correct
Correct
Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema, including future grants, centralizing privilege management. [for a managed access schema] Here we are however talking about granting permission changes privilege for NEW objects. The schema owner would automatically be granted this privilege on all object within the schema he owns. But a MANAGE GRANTS privileged role could only assign privileges using the "future" keyword
Confuse between A&C In managed access schemas (i.e. schemas created using the CREATE SCHEMA … WITH MANAGED ACCESS syntax), either the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the global MANAGE GRANTS privilege can grant privileges on future objects in the schema.
Yes, this question shoud to hav "(Choose two.)"
https://docs.snowflake.com/en/user-guide/security-access-control-configure
AC are both correct With managed access schemas, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema, including future grants, centralizing privilege management.
https://docs.snowflake.com/en/sql-reference/sql/create-schema CREATE SCHEMA WITH MANAGED ACCESS Specifies a managed schema. Managed access schemas centralize privilege management with the schema owner. In regular schemas, the owner of an object (i.e. the role that has the OWNERSHIP privilege on the object) can grant further privileges on their objects to other roles. In managed schemas, the schema owner manages all privilege grants, including future grants, on objects in the schema. Object owners retain the OWNERSHIP privileges on the objects; however, only the schema owner can manage privilege grants on the objects.
A correct - based on comments here
A should be the answer
In managed access schemas (i.e. schemas created using the CREATE SCHEMA … WITH MANAGED ACCESS syntax), object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the global MANAGE GRANTS privilege can grant privileges on objects in the schema.