SOL-C01 · Question #33
The correct answer is B: Grant the 'CREATE TEMPORARY TABLE' privilege directly to the 'REPORT_USER' role.
Question
A Snowflake account has the following role hierarchy:
- ACCOUNTADMIN
- SECURITYADMIN
- DB_ADMIN
- ETL_USER
- REPORT_USER
SECURITYADMIN reports to ACCOUNTADMIN, DB_ADMIN reports to SECURITYADMIN, and ETL_USER and REPORT_USER report to DB_ADMIN. A user 'john.doe' has been granted the 'REPORT_USER' role. 'john.doe' needs to execute a query that requires temporary table creation. However, the execution fails. Which of the following steps would CORRECTLY grant the minimum necessary privilege to 'john.doe' such that he can create temporary tables without compromising security or granting overly broad access? Select all that apply:
Options
- A. Grant the 'CREATE TEMPORARY TABLE' privilege on the database to the 'DB_ADMIN' role.
- B. Grant the 'CREATE TEMPORARY TABLE' privilege directly to the 'REPORT_USER' role.
- C. Create a new custom role, Grant the 'CREATE TEMPORARY TABLE' privilege on the database to
- D. Grant the ACCOUNTADMIN role to the user 'john.doe'.
- E. Create a new custom role, 'TEMP TABLE CREATOR'. Grant the 'CREATE TEMPORARY TABLE'
Explanation
Options B and E are correct. Granting privileges directly to the role that needs them, or to the user, adheres to the principle of least privilege and avoids unintended privilege escalation through the role hierarchy. Option A is incorrect because the correct choice is to provide only the temporary-table privilege to the user. The privileges in that user's role do not need to be escalated. Option C is incorrect because assigning the new custom role to REPORT_USER is the wrong approach: it will become a hierarchy that is difficult to resolve, manage and maintain. Option D is incorrect because granting ACCOUNTADMIN gives access to everything, which goes against the principle of least privilege.