nerdexam
Snowflake

SOL-C01 · Question #60

A data engineer is tasked with creating a new database called `SALES DATA within a Snowflake account. They want to ensure that only users with the 'ACCOUNTADMIN' role or a custom role 'SALES ADMIN' ca

The correct answer is A. Grant the `OWNERSHIP' privilege on the 'SALES_DATX database to the 'SALES_ADMIN' role. E. The 'ACCOUNTADMIN' role already has sufficient privileges; no additional grants are needed for. Granting OWNERSHIP (A) on the SALES_DATA database to SALES_ADMIN is correct because OWNERSHIP is the privilege that confers full control over an object's configuration - including the ability to alter, drop, and manage all settings. ACCOUNTADMIN (E) is Snowflake's highest system-

Snowflake Account and Security

Question

A data engineer is tasked with creating a new database called `SALES DATA within a Snowflake account. They want to ensure that only users with the 'ACCOUNTADMIN' role or a custom role 'SALES ADMIN' can manage the database's overall configuration. Which of the following steps are necessary to achieve this? (Choose all that apply)

Options

  • AGrant the `OWNERSHIP' privilege on the 'SALES_DATX database to the 'SALES_ADMIN' role.
  • BGrant the CREATE SCHEMA' privilege on the SALES DATA' database to the 'SALES_ADMIN'
  • CGrant the `MODIFY privilege on the DATABASE object to the 'SALES_ADMIN' role.
  • DGrant the USAGE privilege on the 'DATABASE object to the SALES ADMINS role.
  • EThe 'ACCOUNTADMIN' role already has sufficient privileges; no additional grants are needed for

How the community answered

(29 responses)
  • A
    69% (20)
  • B
    10% (3)
  • C
    3% (1)
  • D
    17% (5)

Explanation

Granting OWNERSHIP (A) on the SALES_DATA database to SALES_ADMIN is correct because OWNERSHIP is the privilege that confers full control over an object's configuration - including the ability to alter, drop, and manage all settings. ACCOUNTADMIN (E) is Snowflake's highest system-defined role and inherits all privileges by design, so it never requires additional grants to manage any database.

Why the distractors are wrong:

  • B (CREATE SCHEMA) only allows creating schemas inside the database - it has nothing to do with managing the database's own configuration.
  • C (MODIFY) lets a role alter certain database properties (e.g., rename), but it is a narrow, lower-level privilege already subsumed by OWNERSHIP, and alone does not cover "overall configuration management."
  • D (USAGE) is a read-access privilege that permits connecting to and referencing the database, not managing or configuring it.

Memory tip: In Snowflake, think of privileges as a pyramid - OWNERSHIP sits at the top for any object, granting complete management rights. For system roles like ACCOUNTADMIN, remember the phrase "already owns the house" - it needs no keys handed to it.

Topics

#Snowflake RBAC#Database privileges#OWNERSHIP grant#Role management

Community Discussion

No community discussion yet for this question.

Full SOL-C01 Practice