SOL-C01 · Question #70
A data engineer is tasked with migrating a legacy data warehouse to Snowflake. They need to create a database named 'SALES DATA and a schema named 'TRANSACTIONS within it. The schema should be managed
The correct answer is B. Create the database and schema. Then, use a future grant: 'GRANT SELECT ON FUTURE. Option B is correct because Snowflake's FUTURE GRANTS feature (GRANT SELECT ON FUTURE TABLES IN SCHEMA ... TO ROLE REPORTING_ROLE) is the native, purpose-built mechanism for automatically applying privileges to objects that don't yet exist - no manual intervention needed each tim
Question
A data engineer is tasked with migrating a legacy data warehouse to Snowflake. They need to create a database named 'SALES DATA and a schema named 'TRANSACTIONS within it. The schema should be managed by a specific role, DATA ADMIN'. Furthermore, they need to ensure that all newly created tables within this schema are automatically granted SELECT privileges to the 'REPORTING ROLE. Which of the following steps are required to accomplish this, following Snowflake best practices for security and governance?
Options
- ACreate the database and schema with `OWNER = DATA ADMIN'. Use 'GRANT USAGE ON
- BCreate the database and schema. Then, use a future grant: 'GRANT SELECT ON FUTURE
- CCreate the database and schema with 'OWNER = DATA_ADMIN'. Then, create a stored
- DCreate the database and schema. Then, schedule a task that runs every minute and grants
- ECreate the database and schema with 'OWNER = DATA ADMIN'. Use 'GRANT OWNERSHIP ON
How the community answered
(21 responses)- A5% (1)
- B52% (11)
- C24% (5)
- D10% (2)
- E10% (2)
Explanation
Option B is correct because Snowflake's FUTURE GRANTS feature (GRANT SELECT ON FUTURE TABLES IN SCHEMA ... TO ROLE REPORTING_ROLE) is the native, purpose-built mechanism for automatically applying privileges to objects that don't yet exist - no manual intervention needed each time a new table is created. Combined with GRANT OWNERSHIP ON SCHEMA ... TO ROLE DATA_ADMIN, this cleanly satisfies both requirements in two straightforward statements.
Why the distractors fail:
- A -
OWNER = DATA_ADMINis not valid Snowflake DDL syntax; ownership is transferred withGRANT OWNERSHIP, not set inline at creation. The rest of the option only addresses USAGE, not auto-granting SELECT on future tables. - C - A stored procedure can technically work, but it's unnecessary complexity when
FUTURE GRANTSalready handles this declaratively. Snowflake best practices favor built-in governance features over custom procedural workarounds. - D - Scheduling a task to poll and grant every minute is an anti-pattern: it's delayed, wasteful, and fragile - a table could exist ungoverned for up to a minute. This is exactly the problem FUTURE GRANTS was designed to eliminate.
- E - Granting
OWNERSHIPtoREPORTING_ROLEis dangerously overpermissive; a reporting role needs onlySELECT, not schema ownership. Ownership grants full control including the ability to drop or restructure objects.
Memory tip: When you see "automatically grant on not-yet-created objects," think FUTURE GRANTS - it's Snowflake's "set it and forget it" privilege mechanism. If the word future appears in the requirement, the answer almost always involves GRANT ... ON FUTURE ....
Topics
Community Discussion
No community discussion yet for this question.