Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Snowflake Exam ARA-C01 Topic 5 Question 20 Discussion

Actual exam question for Snowflake's ARA-C01 exam
Question #: 20
Topic #: 5
[All ARA-C01 Questions]

What is a characteristic of Role-Based Access Control (RBAC) as used in Snowflake?

Show Suggested Answer Hide Answer
Suggested Answer: A, C

Role-Based Access Control (RBAC) is the Snowflake Access Control Framework that allows privileges to be granted by object owners to roles, and roles, in turn, can be assigned to users to restrict or allow actions to be performed on objects. A characteristic of RBAC as used in Snowflake is:

Privileges can be granted at the database level and can be inherited by all underlying objects. This means that a role that has a certain privilege on a database, such as CREATE SCHEMA or USAGE, can also perform the same action on any schema, table, view, or other object within that database, unless explicitly revoked. This simplifies the access control management and reduces the number of grants required.

A user can create managed access schemas to support future grants and ensure only schema owners can grant privileges to other roles. This means that a user can create a schema with the MANAGED ACCESS option, which changes the default behavior of object ownership and privilege granting within the schema. In a managed access schema, object owners lose the ability to grant privileges on their objects to other roles, and only the schema owner or a role with the MANAGE GRANTS privilege can do so. This enhances the security and governance of the schema and its objects.

The other options are not characteristics of RBAC as used in Snowflake:

A user can use a ''super-user'' access along with securityadmin to bypass authorization checks and access all databases, schemas, and underlying objects. This is not true, as there is no such thing as a ''super-user'' access in Snowflake. The securityadmin role is a predefined role that can manage users and roles, but it does not have any privileges on any database objects by default. To access any object, the securityadmin role must be explicitly granted the appropriate privilege by the object owner or another role with the grant option.

A user can create managed access schemas to support current and future grants and ensure only object owners can grant privileges to other roles. This is not true, as this contradicts the definition of a managed access schema. In a managed access schema, object owners cannot grant privileges on their objects to other roles, and only the schema owner or a role with the MANAGE GRANTS privilege can do so.


Overview of Access Control

A Functional Approach For Snowflake's Role-Based Access Controls

Snowflake Role-Based Access Control simplified

Snowflake RBAC security prefers role inheritance to role composition

Overview of Snowflake Role Based Access Control

Contribute your Thoughts:

Jani
6 months ago
Hmm, that makes sense. It's important to have control over who can grant privileges to ensure security.
upvoted 0 times
...
Dalene
6 months ago
I think RBAC in Snowflake involves creating managed access schemas to support future grants and ensure only schema owners can grant privileges to other roles.
upvoted 0 times
...
Rozella
6 months ago
I disagree. I believe RBAC in Snowflake allows a user to use a 'super-user' access to bypass authorization checks and access all databases and schemas.
upvoted 0 times
...
Jani
6 months ago
I think a characteristic of RBAC in Snowflake is that privileges can be granted at the database level and inherited by underlying objects.
upvoted 0 times
...
Kyoko
7 months ago
Yes, that's true. It ensures that only schema owners can grant privileges to other roles, which is crucial for managing access effectively.
upvoted 0 times
...
Dahlia
7 months ago
I believe that creating managed access schemas to support future grants is also a key characteristic of RBAC in Snowflake.
upvoted 0 times
...
Bettina
7 months ago
I agree with Kyoko. That's important for maintaining security and access control in Snowflake.
upvoted 0 times
...
Kyoko
7 months ago
I think the characteristic of RBAC in Snowflake is that privileges can be granted at the database level and inherited by all underlying objects.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77