ARA-C01 · Question #30
A group of Data Analysts have been granted the role analyst role. They need a Snowflake database where they can create and modify tables, views, and other objects to load with their own data. The Anal
The correct answer is C. Make every schema in the database a managed access schema, owned by SYSADMIN, and grant. The requirement is: analysts can create/modify objects, but they cannot grant access to users outside their role. This is precisely what managed access schemas solve in Snowflake. In a managed access schema, the privilege to grant access to schema objects is centralized with the
Question
A group of Data Analysts have been granted the role analyst role. They need a Snowflake database where they can create and modify tables, views, and other objects to load with their own data. The Analysts should not have the ability to give other Snowflake users outside of their role access to this data. How should these requirements be met?
Options
- AGrant ANALYST_R0LE OWNERSHIP on the database, but make sure that ANALYST_ROLE does
- BGrant SYSADMIN ownership of the database, but grant the create schema privilege on the
- CMake every schema in the database a managed access schema, owned by SYSADMIN, and grant
- DGrant ANALYST_ROLE ownership on the database, but grant the ownership on future [object
How the community answered
(39 responses)- A3% (1)
- B10% (4)
- C82% (32)
- D5% (2)
Explanation
The requirement is: analysts can create/modify objects, but they cannot grant access to users outside their role. This is precisely what managed access schemas solve in Snowflake. In a managed access schema, the privilege to grant access to schema objects is centralized with the schema owner (SYSADMIN) - object owners (analysts) cannot grant privileges on their objects to others. By making every schema a managed access schema owned by SYSADMIN and granting the analysts the necessary object-level privileges, analysts get full DDL/DML capability while being unable to share access externally. Granting ANALYST_ROLE ownership on the database (options A/D) would allow analysts to grant database-level access to others, violating the requirement.
Topics
Community Discussion
No community discussion yet for this question.