Learn how to create a read-only role for HR employees in Snowflake by granting the appropriate permission sets on the hr_db database, schemas, and tables.
Table of Contents
Question
There are two databases in an account, named fin_db and hr_db which contain payroll and employee data, respectively. Accountants and Analysts in the company require different permissions on the objects in these databases to perform their jobs. Accountants need read-write access to fin_db but only require read-only access to hr_db because the database is maintained by human resources personnel.
An Architect needs to create a read-only role for certain employees working in the human resources department.
Which permission sets must be granted to this role?
A. USAGE on database hr_db, USAGE on all schemas in database hr_db, SELECT on all tables in database hr_db
B. USAGE on database hr_db, SELECT on all schemas in database hr_db, SELECT on all tables in database hr_db
C. MODIFY on database hr_db, USAGE on all schemas in database hr_db, USAGE on all tables in database hr_db
D. USAGE on database hr_db, USAGE on all schemas in database hr_db, REFERENCES on all tables in database hr_db
Answer
B. USAGE on database hr_db, SELECT on all schemas in database hr_db, SELECT on all tables in database hr_db
Explanation
To create a read-only role for employees working in the human resources department, the following permission sets must be granted:
B. USAGE on database hr_db, SELECT on all schemas in database hr_db, SELECT on all tables in database hr_db
- USAGE on database hr_db grants access to the hr_db database, allowing the role to view and use the database.
- SELECT on all schemas in database hr_db allows the role to view and query the schemas within the hr_db database.
- SELECT on all tables in database hr_db enables the role to view and query the data in all tables within the hr_db database.
These permission sets combined provide read-only access to the HR database, ensuring that the employees in the human resources department can view the data but cannot modify it.
Options C and D are incorrect because:
- MODIFY on database hr_db (option C) grants the ability to modify the database, which is not required for read-only access.
- USAGE on all tables (options C and D) is not a valid permission for tables in Snowflake. SELECT should be granted instead.
- REFERENCES on all tables (option D) is used for creating foreign key constraints and is not necessary for read-only access.
Snowflake SnowPro Advanced Architect certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Snowflake SnowPro Advanced Architect exam and earn Snowflake SnowPro Advanced Architect certification.