ExamGecko
Question 121 - ARA-C01 discussion


What is a characteristic of Role-Based Access Control (RBAC) as used in Snowflake?

A. Privileges can be granted at the database level and can be inherited by all underlying objects.
B. A user can use a 'super-user' access along with securityadmin to bypass authorization checks and access all databases, schemas, and underlying objects.
C. A user can create managed access schemas to support future grants and ensure only schema owners can grant privileges to other roles.
D. A user can create managed access schemas to support current and future grants and ensure only object owners can grant privileges to other roles.

Suggested answer: A, C

Explanation:

Role-Based Access Control (RBAC) is the Snowflake access control framework in which object owners grant privileges to roles, and roles are in turn assigned to users to restrict or allow the actions they can perform on objects. The characteristics of RBAC as used in Snowflake are:

Privileges can be granted at the database level and can be inherited by all underlying objects. This means that a role that has a certain privilege on a database, such as CREATE SCHEMA or USAGE, can also perform the same action on any schema, table, view, or other object within that database, unless explicitly revoked. This simplifies access control management and reduces the number of grants required.

A user can create managed access schemas to support future grants and ensure only schema owners can grant privileges to other roles. This means that a user can create a schema with the MANAGED ACCESS option, which changes the default behavior of object ownership and privilege granting within the schema. In a managed access schema, object owners lose the ability to grant privileges on their objects to other roles, and only the schema owner or a role with the MANAGE GRANTS privilege can do so. This enhances the security and governance of the schema and its objects.

The other options are not characteristics of RBAC as used in Snowflake:

A user can use a 'super-user' access along with securityadmin to bypass authorization checks and access all databases, schemas, and underlying objects. This is not true, as there is no such thing as a 'super-user' access in Snowflake. The securityadmin role is a predefined role that can manage users and roles, but it does not have any privileges on any database objects by default. To access any object, the securityadmin role must be explicitly granted the appropriate privilege by the object owner or another role with the grant option.

A user can create managed access schemas to support current and future grants and ensure only object owners can grant privileges to other roles. This is not true, as this contradicts the definition of a managed access schema. In a managed access schema, object owners cannot grant privileges on their objects to other roles, and only the schema owner or a role with the MANAGE GRANTS privilege can do so.
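
The managed access behaviour described above, as an added Snowflake SQL example that is not part of the original page. The database demo_db, the schema secure and the roles schema_admin, etl_writer and analyst are assumed names, and the session user is assumed to hold SECURITYADMIN and SYSADMIN, with SYSADMIN owning demo_db.

```sql
-- Constructed setup: three roles, attached under SYSADMIN so the session user can activate them.
USE ROLE SECURITYADMIN;
CREATE ROLE IF NOT EXISTS schema_admin;  -- will own the managed access schema
CREATE ROLE IF NOT EXISTS etl_writer;    -- will create (and therefore own) tables
CREATE ROLE IF NOT EXISTS analyst;       -- read-only consumer
GRANT ROLE schema_admin TO ROLE SYSADMIN;
GRANT ROLE etl_writer   TO ROLE SYSADMIN;
GRANT ROLE analyst      TO ROLE SYSADMIN;

USE ROLE SYSADMIN;
GRANT USAGE, CREATE SCHEMA ON DATABASE demo_db TO ROLE schema_admin;
GRANT USAGE ON DATABASE demo_db TO ROLE etl_writer;
GRANT USAGE ON DATABASE demo_db TO ROLE analyst;

-- The schema owner creates the schema with centralised grant management.
USE ROLE schema_admin;
CREATE SCHEMA demo_db.secure WITH MANAGED ACCESS;
GRANT USAGE ON SCHEMA demo_db.secure TO ROLE etl_writer;
GRANT CREATE TABLE ON SCHEMA demo_db.secure TO ROLE etl_writer;
GRANT USAGE ON SCHEMA demo_db.secure TO ROLE analyst;

-- Future grant: every table created later in the schema becomes readable by analyst.
GRANT SELECT ON FUTURE TABLES IN SCHEMA demo_db.secure TO ROLE analyst;

-- etl_writer creates a table and owns it.
USE ROLE etl_writer;
CREATE TABLE demo_db.secure.orders (id INT, amount NUMBER(10,2));

-- In a managed access schema the object owner cannot make grant decisions,
-- so Snowflake rejects this statement even though etl_writer owns the table.
GRANT INSERT ON TABLE demo_db.secure.orders TO ROLE analyst;

-- The same grant succeeds when issued by the schema owner
-- (or by a role holding the global MANAGE GRANTS privilege).
USE ROLE schema_admin;
GRANT INSERT ON TABLE demo_db.secure.orders TO ROLE analyst;

-- Audit checks: confirm the schema option, the future grant and the resulting table grants.
SHOW SCHEMAS LIKE 'SECURE' IN DATABASE demo_db;   -- the options column lists MANAGED ACCESS
SHOW FUTURE GRANTS IN SCHEMA demo_db.secure;
SHOW GRANTS ON TABLE demo_db.secure.orders;
```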


asked 23/09/2024
Husein M