SOL-C01 Question #236: Real Exam Question with Answer & Explanation

Question

A data analyst needs to query a table named 'ORDERS' which contains sensitive customer information, including email addresses. They only need to access order IDs and order dates for their analysis, but they are mistakenly seeing all columns. You, as the Snowflake administrator, need to restrict their access to only the necessary columns without creating a separate table or view. What is the MOST secure and efficient way to achieve this in Snowflake using Row Access Policies and Column Masking Policies? Assume the role 'ANALYST' is already defined.

Options

• ACreate a view on the 'ORDERS' table that selects only the 'ORDER_ID and 'ORDER_DATE
• BGrant the ANALYST role SELECT access to the 'ORDERS' table, and then use 'ALTER TABLE to
• CApply a Row Access Policy that allows only rows with a specific order date, and then grant the
• DApply a Column Masking Policy to the 'EMAIL' column to mask the data (e.g., replace it with
• ECreate a dynamic data masking policy for the `EMAIL' column and a row access policy that only

Explanation

Option D is the best approach because it directly addresses the requirement of restricting access to sensitive data. It applies a Column Masking Policy to the "EMAIL' column, preventing the analyst from viewing the actual email addresses while still allowing them to access the 'ORDER_ID and 'ORDER DATE columns. Option A creates a view, which is a valid approach, but using masking policies provides more granular control and auditability. Option B is destructive and unacceptable. Option C restricts rows, which is not what the question asks for. Option E is an overkill since row access policies are not needed in this case.

No community discussion yet for this question.