SOL-C01 · Question #13
A Snowflake administrator wants to ensure that all newly created schemas in a specific database automatically inherit certain grants (e.g., 'SELECT' privilege on all tables in the schema to a reportin
The correct answer is B. Use the 'DEFAULT_PRIVILEGES' parameter at the database level to automatically grant the. Snowflake's built-in FUTURE GRANTS mechanism (what option B refers to) is the correct tool here - it lets you declaratively specify that any future objects (tables, schemas, etc.) created within a database or schema will automatically receive defined privileges, using syntax like
Question
A Snowflake administrator wants to ensure that all newly created schemas in a specific database automatically inherit certain grants (e.g., 'SELECT' privilege on all tables in the schema to a reporting role). Which of the following approaches is the MOST suitable to accomplish this?
Options
- ACreate a stored procedure that is automatically executed after each 'CREATE SCHEMA'
- BUse the 'DEFAULT_PRIVILEGES' parameter at the database level to automatically grant the
- CImplement a custom event listener that triggers upon schema creation and executes the necessary
- DManually execute GRANT FUTURE GRANTS' statements after each schema creation to grant the
- ESchedule a periodic Snowflake Task to search for recently created schemas and grant needed
How the community answered
(46 responses)- A26% (12)
- B48% (22)
- C15% (7)
- D4% (2)
- E7% (3)
Explanation
Snowflake's built-in FUTURE GRANTS mechanism (what option B refers to) is the correct tool here - it lets you declaratively specify that any future objects (tables, schemas, etc.) created within a database or schema will automatically receive defined privileges, using syntax like GRANT SELECT ON FUTURE TABLES IN DATABASE mydb TO ROLE reporting_role. This is a native, zero-maintenance solution that fires at object creation time without any additional logic.
Why the distractors fail:
- A - Snowflake has no DDL trigger system that auto-fires a stored procedure on
CREATE SCHEMA; you'd have to call it manually. - C - Snowflake provides no native "event listener" hook for DDL events in the way this implies; it's a fictional construct in this context.
- D - Running
GRANT FUTURE GRANTSafter each schema creation is manual and error-prone; the whole point is to set it once in advance. - E - A periodic Task creates a privilege gap window and adds unnecessary complexity for something the platform handles natively.
Memory tip: Think of FUTURE GRANTS as a "standing order" - you issue it once at the database level and Snowflake automatically honors it for every new object going forward, like a policy that applies to all future hires, not just current ones.
Topics
Community Discussion
No community discussion yet for this question.