DEA-C02 Question #56: Real Exam Question with Answer & Explanation
The correct answer is C: SYSADMIN.
Question
Which system role is recommended for a custom role hierarchy to be ultimately assigned to?
Options
- A. ACCOUNTADMIN
- B. SECURITYADMIN
- C. SYSADMIN
- D. USERADMIN
Explanation
SYSADMIN is the recommended top-level parent for custom role hierarchies because it is responsible for managing all database objects (warehouses, databases, schemas, tables) in Snowflake. By granting custom roles up to SYSADMIN, system administrators gain visibility and control over all objects owned by those custom roles - a Snowflake best practice for maintaining clean governance.
ACCOUNTADMIN (A) is incorrect because it is the most privileged role in Snowflake, reserved for account-level administration tasks; assigning custom roles directly to it violates the principle of least privilege. SECURITYADMIN (B) is incorrect because it is designed for managing users and roles (granting/revoking privileges), not for serving as the parent in an object-management role hierarchy. USERADMIN (D) is incorrect because its scope is limited to creating and managing users and roles, not owning or managing database objects.
Memory tip: Think of the hierarchy as an org chart - custom roles are like employees, and SYSADMIN is their manager who oversees all the "work" (objects). ACCOUNTADMIN is the CEO - too high up to be a direct manager of every custom role.