nerdexam
Snowflake

SOL-C01 · Question #52

You are tasked with creating a secure data sharing environment in Snowflake. You need to share a table named 'CUSTOMER RECORDS' from the `SALES DB' database in your account (Account A) with another Sn

The correct answer is A. Create a share object in Account A and grant USAGE privilege on the database and SELECT B. Create a database in Account B from the share provided by Account A, and grant SELECT. Snowflake's native data sharing is a two-sided process: the provider (Account A) creates a share object and grants USAGE on the database/schema plus SELECT on the table - this is option A. The consumer (Account B) then creates a local database from that share - option B. Critical

Data Sharing

Question

You are tasked with creating a secure data sharing environment in Snowflake. You need to share a table named 'CUSTOMER RECORDS' from the `SALES DB' database in your account (Account A) with another Snowflake account (Account B). You want to ensure that Account B can only query the data and cannot modify it in any way. Which of the following steps are REQUIRED to achieve this securely and effectively?

Options

  • ACreate a share object in Account A and grant USAGE privilege on the database and SELECT
  • BCreate a database in Account B from the share provided by Account A, and grant SELECT
  • CGrant OWNERSHIP on the `CUSTOMER RECORDS table to the target account (Account B).
  • DCreate an external function that reads the data from Account A and presents it to Account B.
  • ECreate a masking policy on all the columns of the 'CUSTOMER RECORDS table before creating

How the community answered

(37 responses)
  • A
    59% (22)
  • C
    5% (2)
  • D
    14% (5)
  • E
    22% (8)

Explanation

Snowflake's native data sharing is a two-sided process: the provider (Account A) creates a share object and grants USAGE on the database/schema plus SELECT on the table - this is option A. The consumer (Account B) then creates a local database from that share - option B. Critically, shared databases are inherently read-only by design; consumers receive no DML privileges, satisfying the "cannot modify" requirement without any extra configuration.

Why the distractors are wrong:

  • C - Granting OWNERSHIP to Account B would give them full control over the table, which is the opposite of the goal and is not how cross-account sharing works.
  • D - External functions are for invoking external APIs (e.g., AWS Lambda), not for sharing data between Snowflake accounts; this is entirely the wrong mechanism.
  • E - Masking policies add column-level data obfuscation and are an optional security enhancement, not a required step to establish a share.

Memory tip: Think of it as a two-key handshake - Account A holds the "lock" (share object with USAGE + SELECT), Account B turns the "key" (creates a database from the share). Read-only access is baked in automatically; no extra steps needed to prevent writes.

Topics

#Cross-account shares#Share objects#SELECT privilege#Ownership isolation

Community Discussion

No community discussion yet for this question.

Full SOL-C01 Practice