SOL-C01 · Question #52
You are tasked with creating a secure data sharing environment in Snowflake. You need to share a table named 'CUSTOMER RECORDS' from the `SALES DB' database in your account (Account A) with another Sn
The correct answer is A. Create a share object in Account A and grant USAGE privilege on the database and SELECT B. Create a database in Account B from the share provided by Account A, and grant SELECT. Snowflake's native data sharing is a two-sided process: the provider (Account A) creates a share object and grants USAGE on the database/schema plus SELECT on the table - this is option A. The consumer (Account B) then creates a local database from that share - option B. Critical
Question
You are tasked with creating a secure data sharing environment in Snowflake. You need to share a table named 'CUSTOMER RECORDS' from the `SALES DB' database in your account (Account A) with another Snowflake account (Account B). You want to ensure that Account B can only query the data and cannot modify it in any way. Which of the following steps are REQUIRED to achieve this securely and effectively?
Options
- ACreate a share object in Account A and grant USAGE privilege on the database and SELECT
- BCreate a database in Account B from the share provided by Account A, and grant SELECT
- CGrant OWNERSHIP on the `CUSTOMER RECORDS table to the target account (Account B).
- DCreate an external function that reads the data from Account A and presents it to Account B.
- ECreate a masking policy on all the columns of the 'CUSTOMER RECORDS table before creating
How the community answered
(37 responses)- A59% (22)
- C5% (2)
- D14% (5)
- E22% (8)
Explanation
Snowflake's native data sharing is a two-sided process: the provider (Account A) creates a share object and grants USAGE on the database/schema plus SELECT on the table - this is option A. The consumer (Account B) then creates a local database from that share - option B. Critically, shared databases are inherently read-only by design; consumers receive no DML privileges, satisfying the "cannot modify" requirement without any extra configuration.
Why the distractors are wrong:
- C - Granting
OWNERSHIPto Account B would give them full control over the table, which is the opposite of the goal and is not how cross-account sharing works. - D - External functions are for invoking external APIs (e.g., AWS Lambda), not for sharing data between Snowflake accounts; this is entirely the wrong mechanism.
- E - Masking policies add column-level data obfuscation and are an optional security enhancement, not a required step to establish a share.
Memory tip: Think of it as a two-key handshake - Account A holds the "lock" (share object with USAGE + SELECT), Account B turns the "key" (creates a database from the share). Read-only access is baked in automatically; no extra steps needed to prevent writes.
Topics
Community Discussion
No community discussion yet for this question.