SOL-C01 · Question #42
SOL-C01 Question #42: Real Exam Question with Answer & Explanation
The correct answer is A: Grant the 'OWNERSHIP privilege on the ` SALES' database to the 'DATA_ADMIN' role. Then, set. Granting the OWNERSHIP' privilege on the database allows the 'DATA_ADMIN' role to grant all privileges on the database and all its objects to other roles. Option B, granting 'ALL PRIVILEGES' , does not automatically propagate the ability to grant those privileges to other roles.
Question
A Snowflake account has multiple custom roles, including `DATA ADMIN', 'ANALYST , and 'REPORTING'. The `DATA ADMIN role should be able to grant all privileges on any object in the 'SALES' database to other roles. Which of the following approaches is the MOST secure and efficient way to achieve this?
Options
- AGrant the 'OWNERSHIP privilege on the ` SALES' database to the 'DATA_ADMIN' role. Then, set
- BGrant the 'ALL PRIVILEGES' on the 'SALES' database and all its objects to the `DATA_ADMIN'
- CGrant USAGE on the 'SALES' database to the 'DATA ADMIN' role and manually grant all other
- DCreate a custom role hierarchy where 'DATA_ADMIN' inherits all privileges from the
- EGrant the OWNERSHIP privilege on the SALES database to the DATA ADMIN role. When an
Explanation
Granting the OWNERSHIP' privilege on the database allows the 'DATA_ADMIN' role to grant all privileges on the database and all its objects to other roles. Option B, granting 'ALL PRIVILEGES' , does not automatically propagate the ability to grant those privileges to other roles. Option C is inefficient. Option D is incorrect; custom roles cannot inherit directly from ACCOUNTADMIN'. Option E is partially correct, but missing the critical step of initially granting OWNERSHIP on the database itself.
Topics
Community Discussion
No community discussion yet for this question.