SnowPro Advanced: Architect — Question 71

A group of Data Analysts have been granted the role ANALYST_ROLE. They need a Snowflake database where they can create and modify tables, views, and other objects to load with their own data. The Analysts should not have the ability to give other Snowflake users outside of their role access to this data.

How should these requirements be met?

Answer options

• A. Grant ANALYST_ROLE OWNERSHIP on the database, but make sure that ANALYST_ROLE does not have the MANAGE GRANTS privilege on the account.
• B. Grant SYSADMIN OWNERSHIP of the database, but grant the create schema privilege on the database to the ANALYST_ROLE.
• C. Make every schema in the database a MANAGED ACCESS schema, owned by SYSADMIN, and grant create privileges on each schema to the ANALYST_ROLE for each type of object that needs to be created.
• D. Grant ANALYST_ROLE OWNERSHIP on the database, but grant the OWNERSHIP ON FUTURE [object type]s in database privilege to SYSADMIN.

Correct answer: C

Explanation

Option C is correct because making every schema a MANAGED ACCESS schema owned by SYSADMIN allows the Analysts to create objects without giving them the ability to manage grants to other users. Option A fails as it does not ensure managed access, while Option B gives too much control to SYSADMIN. Option D allows for ownership but still does not restrict the Analysts' ability to manage grants.