Learn about the access control entity in Snowflake that can be created as part of a hierarchy within an account. Understand roles and how they enable granular access control.
Question
Which access control entity in Snowflake can be created as part of a hierarchy within an account?
A. Securable object
B. Role
C. Privilege
D. User
Answer
In Snowflake, the access control entity that can be created as part of a hierarchy within an account is a Role (Option B).
Explanation
Roles in Snowflake are used to manage access control and permissions. They allow you to group together a set of privileges and assign them to users or other roles. Roles can be organized in a hierarchical structure, where a role can inherit the privileges of its parent role(s). This hierarchical structure enables granular access control and simplifies permission management.
Here’s how the role hierarchy works:
- Roles can be created at different levels within an account.
- A role can be assigned to one or more parent roles, inheriting the privileges of its parent(s).
- Users can be assigned to one or more roles, inheriting the privileges associated with those roles.
- Privileges granted to a role are automatically granted to any child roles and users assigned to that role.
By creating a hierarchy of roles, you can define different levels of access based on job functions, departments, or any other organizational structure. This allows you to enforce the principle of least privilege, granting users only the permissions they need to perform their tasks.
For example, you could have a hierarchy like this:
- ADMIN role (top-level role with all privileges)
  - DEVELOPER role (inherits privileges from ADMIN)
    - JUNIOR_DEVELOPER role (inherits privileges from DEVELOPER)
  - ANALYST role (inherits privileges from ADMIN)
    - MARKETING_ANALYST role (inherits privileges from ANALYST)
    - SALES_ANALYST role (inherits privileges from ANALYST)
In this hierarchy, the ADMIN role has the highest level of privileges. The DEVELOPER and ANALYST roles inherit privileges from ADMIN, while the JUNIOR_DEVELOPER, MARKETING_ANALYST, and SALES_ANALYST roles inherit privileges from their respective parent roles.
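The tree from the list above written as Snowflake SQL, as an added example that is not part of the original page; the database, schema and user names (`app_db`, `app_db.dev`, `app_db.reporting`, `jdoe`) are hypothetical placeholders. In Snowflake, `GRANT ROLE x TO ROLE y` gives `y` every privilege held by `x`, so each role is granted to the role above it and privileges accumulate toward ADMIN, while JUNIOR_DEVELOPER holds only what is granted to it directly.

```sql
-- Added example; object and user names are hypothetical placeholders.
-- SECURITYADMIN can create roles and manage grants in the account.
USE ROLE SECURITYADMIN;

-- 1. Create the roles named in the hierarchy above.
CREATE ROLE IF NOT EXISTS admin;
CREATE ROLE IF NOT EXISTS developer;
CREATE ROLE IF NOT EXISTS junior_developer;
CREATE ROLE IF NOT EXISTS analyst;
CREATE ROLE IF NOT EXISTS marketing_analyst;
CREATE ROLE IF NOT EXISTS sales_analyst;

-- 2. Grant object privileges at the lowest role that needs them.
GRANT USAGE ON DATABASE app_db TO ROLE junior_developer;
GRANT USAGE ON SCHEMA app_db.dev TO ROLE junior_developer;
GRANT SELECT ON ALL TABLES IN SCHEMA app_db.dev TO ROLE junior_developer;

-- DEVELOPER adds write access on top of what it will pick up
-- from JUNIOR_DEVELOPER in step 3.
GRANT CREATE TABLE ON SCHEMA app_db.dev TO ROLE developer;

GRANT USAGE ON DATABASE app_db TO ROLE analyst;
GRANT USAGE ON SCHEMA app_db.reporting TO ROLE analyst;
GRANT SELECT ON ALL TABLES IN SCHEMA app_db.reporting TO ROLE analyst;

-- 3. Wire the hierarchy: the role after TO ROLE receives the
--    privileges of the role being granted.
GRANT ROLE junior_developer  TO ROLE developer;
GRANT ROLE developer         TO ROLE admin;
GRANT ROLE marketing_analyst TO ROLE analyst;
GRANT ROLE sales_analyst     TO ROLE analyst;
GRANT ROLE analyst           TO ROLE admin;

-- 4. Assign a user to the narrowest role that covers the job.
GRANT ROLE junior_developer TO USER jdoe;

-- 5. Review the result.
SHOW GRANTS TO ROLE developer;        -- privileges and roles granted to DEVELOPER
SHOW GRANTS OF ROLE junior_developer; -- roles and users holding JUNIOR_DEVELOPER
SHOW GRANTS TO USER jdoe;             -- roles granted directly to the user
```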
Other options mentioned in the question are not correct:
- Securable object (Option A) refers to the objects in Snowflake that can have privileges granted on them, such as databases, schemas, tables, and views. They are not created as part of a hierarchy.
- Privilege (Option C) represents the right to perform a specific action on a securable object. Privileges are granted to roles or users, but they are not created as part of a hierarchy.
- User (Option D) represents an individual account that can access Snowflake. Users are assigned roles to gain permissions, but they are not created as part of a hierarchy.
In summary, Roles (Option B) are the access control entity in Snowflake that can be created as part of a hierarchy within an account, enabling granular access control and simplified permission management.
Snowflake SnowPro Core certification exam practice questions and answers (Q&A), including multiple choice questions (MCQ) and objective type questions, with detailed explanations and references, available free to help you pass the Snowflake SnowPro Core exam and earn the Snowflake SnowPro Core certification.