SnowPro Advanced: Architect — Question 67

How can the Snowflake context functions be used to help determine whether a user is authorized to see data that has column-level security enforced? (Choose two.)

Answer options

• A. Set masking policy conditions using CURRENT_ROLE targeting the role in use for the current session.
• B. Set masking policy conditions using IS_ROLE_IN_SESSION targeting the role in use for the current account.
• C. Set masking policy conditions using INVOKER_ROLE targeting the executing role in a SQL statement.
• D. Determine if there are OWNERSHIP privileges on the masking policy that would allow the use of any function.
• E. Assign the ACCOUNTADMIN role to the user who is executing the object.

Correct answer: A, C

Explanation

Option A is correct as it directly checks the role in use for the current session, ensuring that masking policies apply correctly. Option C is also valid since it allows the execution role to control the visibility of data based on the context of the SQL statement being executed. The other options either refer to roles that do not pertain to session-specific context or address different aspects of privilege management that do not directly relate to column-level security enforcement.