
SnowPro Core: Snowflake OWNERSHIP Privilege Granting Unrevokable Control

Understand the OWNERSHIP privilege in Snowflake, which grants unrevokable control over objects and must be granted judiciously to dedicated administration roles. Learn why OWNERSHIP is unique and cannot be revoked once granted.


Question

Which privilege must be granted by one role to another role, and cannot be revoked?

A. MONITOR
B. OPERATE
C. OWNERSHIP
D. ALL

Answer

C. OWNERSHIP

Explanation

The privilege that must be granted by one role to another role and cannot be revoked is the OWNERSHIP privilege.

In Snowflake, the OWNERSHIP privilege is a special privilege that allows a role to manage and control an object, such as a database, a schema, or a specific object like a table or view. Once the OWNERSHIP privilege is granted to a role, it cannot be revoked. This is because the OWNERSHIP privilege grants complete control over the object, including the ability to grant and revoke privileges on that object to other roles.

The OWNERSHIP privilege is typically granted to roles that manage and maintain specific objects or areas of the Snowflake environment. By granting OWNERSHIP, the role can perform any operation on the object, including modifying its structure, data, and access permissions.

It’s important to note that the OWNERSHIP privilege should be granted judiciously, as it grants extensive control over the object. Best practices recommend creating dedicated roles for ownership and administration tasks, and granting the OWNERSHIP privilege only to these roles, rather than individual user roles.

The other options provided in the question are as follows:

A. MONITOR: This privilege allows a role to monitor and view information about objects, but does not grant any ability to modify or control those objects.

B. OPERATE: This privilege allows a role to perform specific operations on an object, such as loading data, executing queries, or creating temporary objects, but does not grant full control or ownership of the object.

D. ALL: This is not a valid privilege in Snowflake. Privileges are granted individually or as a set of privileges using the GRANT statement.
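
The dedicated-owner-role practice described above, written out as Snowflake SQL. This is an added example, not part of the original explanation: the names `sales_db` and `sales_db_owner` and the allow-list of approved owner roles in the audit query are hypothetical.

```sql
-- Hypothetical names: sales_db (database), sales_db_owner (dedicated role).
-- Run as a role that owns the objects or holds MANAGE GRANTS (e.g. SECURITYADMIN).

-- 1. Create the dedicated administration role and attach it to the
--    SYSADMIN hierarchy so its objects stay manageable by administrators.
CREATE ROLE IF NOT EXISTS sales_db_owner;
GRANT ROLE sales_db_owner TO ROLE SYSADMIN;

-- 2. Transfer ownership to the dedicated role. OWNERSHIP is moved with
--    GRANT OWNERSHIP; there is no REVOKE for it, so undoing this step means
--    granting OWNERSHIP to a different role.
--    COPY CURRENT GRANTS keeps the existing outbound grants on each object.
GRANT OWNERSHIP ON DATABASE sales_db
  TO ROLE sales_db_owner COPY CURRENT GRANTS;
GRANT OWNERSHIP ON ALL SCHEMAS IN DATABASE sales_db
  TO ROLE sales_db_owner COPY CURRENT GRANTS;
GRANT OWNERSHIP ON ALL TABLES IN SCHEMA sales_db.public
  TO ROLE sales_db_owner COPY CURRENT GRANTS;

-- 3. Confirm which role now holds OWNERSHIP on the database.
SHOW GRANTS ON DATABASE sales_db;

-- 4. Audit: active OWNERSHIP grants on sales_db objects held by any role
--    outside the approved list (the list itself is an assumption).
--    ACCOUNT_USAGE views lag behind live state.
SELECT granted_on,
       table_catalog,
       table_schema,
       name,
       grantee_name,
       granted_by,
       created_on
FROM   snowflake.account_usage.grants_to_roles
WHERE  privilege   = 'OWNERSHIP'
  AND  granted_to  = 'ROLE'
  AND  deleted_on IS NULL
  AND  (table_catalog = 'SALES_DB'
        OR (granted_on = 'DATABASE' AND name = 'SALES_DB'))
  AND  grantee_name NOT IN ('SALES_DB_OWNER', 'SYSADMIN')
ORDER  BY created_on DESC;
```

Any row returned by the audit query is an object whose owner is not one of the approved administration roles and should be reviewed.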
