List of questions
Related questions
Question 79 - ARA-C01 discussion
An Architect needs to grant a group of ORDER_ADMIN users the ability to clean old data in an ORDERS table (deleting all records older than 5 years), without granting any privileges on the table. The group's manager (ORDER_MANAGER) has full DELETE privileges on the table.
How can the ORDER_ADMIN role be enabled to perform this data cleanup, without needing the DELETE privilege held by the ORDER_MANAGER role?
A.
Create a stored procedure that runs with caller's rights, including the appropriate '> 5 years' business logic, and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
B.
Create a stored procedure that can be run using both caller's and owner's rights (allowing the user to specify which rights are used during execution), and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
C.
Create a stored procedure that runs with owner's rights, including the appropriate '> 5 years' business logic, and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
D.
This scenario would actually not be possible in Snowflake -- any user performing a DELETE on a table requires the DELETE privilege to be granted to the role they are using.
Your answer:
0 comments
Sorted by
Leave a comment first