SOL-C01 · Question #39
You have a role hierarchy where 'ROLE A' has been granted to 'ROLE B', and 'ROLE B" has been granted to User 'USER X' 'ROLE R has 'SELECT privilege on 'TABLE_I' and 'INSERT' privilege on 'TABLE 2'. As
The correct answer is B. USER_X' can SELECT from ` TABLE _ 1 ` and INSERT into ` TABLE _ 2 only when the active role. In Snowflake's RBAC model, a user's active role determines which privileges are available at any given moment. Since ROLE_A is granted to ROLE_B, and ROLE_B is granted to USER_X, USER_X can exercise SELECT on TABLE_1 and INSERT on TABLE_2 - but only when the active role is set to
Question
You have a role hierarchy where 'ROLE A' has been granted to 'ROLE B', and 'ROLE B" has been granted to User 'USER X' 'ROLE R has 'SELECT privilege on 'TABLE_I' and 'INSERT' privilege on 'TABLE 2'. Assume that 'USER_X' is currently using the 'ACCOUNTADMIN' role. Which of the following statements accurately describe the privileges available to 'USER X'? (Choose two)
Options
- A` USER_X' can SELECT from only when the active role is set to
- BUSER_X' can SELECT from
TABLE _ 1and INSERT into ` TABLE _ 2 only when the active role - CUSER_X can SELECT from 'TABLE_I" and INSERT into 'TABLE_2 regardless of the active role.
- DUSER X' cannot SELECT from 'TABLE 1 ` or INSERT into STABLE_2 because the privileges are
How the community answered
(32 responses)- A6% (2)
- B56% (18)
- C22% (7)
- D16% (5)
Explanation
In Snowflake's RBAC model, a user's active role determines which privileges are available at any given moment. Since ROLE_A is granted to ROLE_B, and ROLE_B is granted to USER_X, USER_X can exercise SELECT on TABLE_1 and INSERT on TABLE_2 - but only when the active role is set to ROLE_B (or a role that has ROLE_B in its hierarchy). While USER_X is using ACCOUNTADMIN, those specific object-level privileges from ROLE_A are not available because ACCOUNTADMIN doesn't inherit ROLE_B in this scenario.
Why the distractors fail:
- A is wrong because it implies only SELECT is available - USER_X gets both SELECT and INSERT through the role chain, not just one of them.
- C is wrong because Snowflake does not make all granted roles simultaneously active; only the current active role (and its inherited hierarchy) applies.
- D is wrong because USER_X can access both tables - just not while ACCOUNTADMIN is the active role.
Memory tip: Think of Snowflake roles like hats - you can only wear one hat at a time. Even if you own a hard hat (ROLE_B) with special privileges, wearing your business hat (ACCOUNTADMIN) means those hard-hat privileges are unavailable until you switch. Role hierarchy flows up through grants, not sideways across unrelated roles.
Topics
Community Discussion
No community discussion yet for this question.