0
0
Snowflakecloud~20 mins

Granting and revoking privileges in Snowflake - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Privilege Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
What happens after this privilege grant?
You run the command:

GRANT SELECT ON TABLE sales TO ROLE analyst;

What is the immediate effect of this command?
Snowflake
GRANT SELECT ON TABLE sales TO ROLE analyst;
AThe role 'analyst' can now read data from the 'sales' table.
BThe role 'analyst' can now modify data in the 'sales' table.
CThe role 'analyst' can create new tables in the database.
DThe role 'analyst' can delete the 'sales' table.
Attempts:
2 left
💡 Hint
Think about what the SELECT privilege allows.
security
intermediate
2:00remaining
Which command revokes the privilege to insert data?
You want to remove the ability of the role 'data_entry' to add new rows to the 'customers' table. Which command does this?
AGRANT DELETE ON TABLE customers TO ROLE data_entry;
BREVOKE INSERT ON TABLE customers FROM ROLE data_entry;
CREVOKE SELECT ON TABLE customers FROM ROLE data_entry;
DGRANT UPDATE ON TABLE customers TO ROLE data_entry;
Attempts:
2 left
💡 Hint
Look for the command that removes the INSERT privilege.
Architecture
advanced
2:00remaining
What is the effect of granting a privilege on a schema?
You execute:

GRANT USAGE ON SCHEMA sales_data TO ROLE analyst;

What does this allow the 'analyst' role to do?
ADelete the 'sales_data' schema.
BCreate new databases inside the 'sales_data' schema.
CAccess objects inside the 'sales_data' schema but not read data from tables.
DRead data from all tables inside the 'sales_data' schema.
Attempts:
2 left
💡 Hint
USAGE on a schema allows access but not data reading.
Best Practice
advanced
2:00remaining
Which approach follows least privilege principle?
You want to give a user read access to only one table in a large database. Which is the best way?
AGrant USAGE on the database and schema only.
BGrant SELECT on the entire database to the user's role.
CGrant OWNERSHIP of the table to the user's role.
DGrant SELECT on the specific table to the user's role.
Attempts:
2 left
💡 Hint
Least privilege means giving only what is needed.
🧠 Conceptual
expert
2:00remaining
What error occurs if you revoke a privilege not granted?
You run:

REVOKE DELETE ON TABLE orders FROM ROLE sales_team;

But the 'sales_team' role never had DELETE privilege on 'orders'. What happens?
AThe command succeeds silently with no error.
BAn error is raised: privilege does not exist for role.
CThe command revokes all privileges from the role.
DThe command grants DELETE privilege instead.
Attempts:
2 left
💡 Hint
Think about idempotency of revoke commands.