nerdexam
Snowflake

SOL-C01 · Question #13

A Snowflake administrator wants to ensure that all newly created schemas in a specific database automatically inherit certain grants (e.g., 'SELECT' privilege on all tables in the schema to a reportin

The correct answer is B. Use the 'DEFAULT_PRIVILEGES' parameter at the database level to automatically grant the. Snowflake's built-in FUTURE GRANTS mechanism (what option B refers to) is the correct tool here - it lets you declaratively specify that any future objects (tables, schemas, etc.) created within a database or schema will automatically receive defined privileges, using syntax like

Snowflake Account and Security

Question

A Snowflake administrator wants to ensure that all newly created schemas in a specific database automatically inherit certain grants (e.g., 'SELECT' privilege on all tables in the schema to a reporting role). Which of the following approaches is the MOST suitable to accomplish this?

Options

  • ACreate a stored procedure that is automatically executed after each 'CREATE SCHEMA'
  • BUse the 'DEFAULT_PRIVILEGES' parameter at the database level to automatically grant the
  • CImplement a custom event listener that triggers upon schema creation and executes the necessary
  • DManually execute GRANT FUTURE GRANTS' statements after each schema creation to grant the
  • ESchedule a periodic Snowflake Task to search for recently created schemas and grant needed

How the community answered

(46 responses)
  • A
    26% (12)
  • B
    48% (22)
  • C
    15% (7)
  • D
    4% (2)
  • E
    7% (3)

Explanation

Snowflake's built-in FUTURE GRANTS mechanism (what option B refers to) is the correct tool here - it lets you declaratively specify that any future objects (tables, schemas, etc.) created within a database or schema will automatically receive defined privileges, using syntax like GRANT SELECT ON FUTURE TABLES IN DATABASE mydb TO ROLE reporting_role. This is a native, zero-maintenance solution that fires at object creation time without any additional logic.

Why the distractors fail:

  • A - Snowflake has no DDL trigger system that auto-fires a stored procedure on CREATE SCHEMA; you'd have to call it manually.
  • C - Snowflake provides no native "event listener" hook for DDL events in the way this implies; it's a fictional construct in this context.
  • D - Running GRANT FUTURE GRANTS after each schema creation is manual and error-prone; the whole point is to set it once in advance.
  • E - A periodic Task creates a privilege gap window and adds unnecessary complexity for something the platform handles natively.

Memory tip: Think of FUTURE GRANTS as a "standing order" - you issue it once at the database level and Snowflake automatically honors it for every new object going forward, like a policy that applies to all future hires, not just current ones.

Topics

#DEFAULT_PRIVILEGES#Schema Grants#RBAC#Access Control

Community Discussion

No community discussion yet for this question.

Full SOL-C01 Practice