nerdexam
Snowflake

SOL-C01 · Question #39

You have a role hierarchy where 'ROLE A' has been granted to 'ROLE B', and 'ROLE B" has been granted to User 'USER X' 'ROLE R has 'SELECT privilege on 'TABLE_I' and 'INSERT' privilege on 'TABLE 2'. As

The correct answer is B. USER_X' can SELECT from ` TABLE _ 1 ` and INSERT into ` TABLE _ 2 only when the active role. In Snowflake's RBAC model, a user's active role determines which privileges are available at any given moment. Since ROLE_A is granted to ROLE_B, and ROLE_B is granted to USER_X, USER_X can exercise SELECT on TABLE_1 and INSERT on TABLE_2 - but only when the active role is set to

Snowflake Account and Security

Question

You have a role hierarchy where 'ROLE A' has been granted to 'ROLE B', and 'ROLE B" has been granted to User 'USER X' 'ROLE R has 'SELECT privilege on 'TABLE_I' and 'INSERT' privilege on 'TABLE 2'. Assume that 'USER_X' is currently using the 'ACCOUNTADMIN' role. Which of the following statements accurately describe the privileges available to 'USER X'? (Choose two)

Options

  • A` USER_X' can SELECT from only when the active role is set to
  • BUSER_X' can SELECT from TABLE _ 1 and INSERT into ` TABLE _ 2 only when the active role
  • CUSER_X can SELECT from 'TABLE_I" and INSERT into 'TABLE_2 regardless of the active role.
  • DUSER X' cannot SELECT from 'TABLE 1 ` or INSERT into STABLE_2 because the privileges are

How the community answered

(32 responses)
  • A
    6% (2)
  • B
    56% (18)
  • C
    22% (7)
  • D
    16% (5)

Explanation

In Snowflake's RBAC model, a user's active role determines which privileges are available at any given moment. Since ROLE_A is granted to ROLE_B, and ROLE_B is granted to USER_X, USER_X can exercise SELECT on TABLE_1 and INSERT on TABLE_2 - but only when the active role is set to ROLE_B (or a role that has ROLE_B in its hierarchy). While USER_X is using ACCOUNTADMIN, those specific object-level privileges from ROLE_A are not available because ACCOUNTADMIN doesn't inherit ROLE_B in this scenario.

Why the distractors fail:

  • A is wrong because it implies only SELECT is available - USER_X gets both SELECT and INSERT through the role chain, not just one of them.
  • C is wrong because Snowflake does not make all granted roles simultaneously active; only the current active role (and its inherited hierarchy) applies.
  • D is wrong because USER_X can access both tables - just not while ACCOUNTADMIN is the active role.

Memory tip: Think of Snowflake roles like hats - you can only wear one hat at a time. Even if you own a hard hat (ROLE_B) with special privileges, wearing your business hat (ACCOUNTADMIN) means those hard-hat privileges are unavailable until you switch. Role hierarchy flows up through grants, not sideways across unrelated roles.

Topics

#Role Hierarchy#Privilege Inheritance#Active Role#RBAC

Community Discussion

No community discussion yet for this question.

Full SOL-C01 Practice