In Snowflake, roles can inherit privileges from other roles. If Role A is granted to Role B, which of the following statements is true about Role B?
Think about how inheritance works in everyday situations, like a child inheriting traits from a parent.
When Role A is granted to Role B, Role B inherits all privileges of Role A plus any privileges assigned directly to Role B. This is how Snowflake manages role hierarchies.
You want to design a role hierarchy in Snowflake to follow the principle of least privilege. Which approach best supports this goal?
Think about how giving only what is needed helps keep things secure.
Creating multiple roles with specific privileges and granting lower-level roles to higher-level roles allows fine-grained control and supports least privilege by limiting access to only what is necessary.
If Role A is granted to Role B, and Role B is granted to User U, what happens when Role A is revoked from Role B?
Consider how removing a key from a chain affects access.
Revoking Role A from Role B immediately removes the privileges that Role B inherited from Role A, so User U loses those privileges right away.
Which practice helps prevent privilege escalation through role hierarchy in Snowflake?
Think about who should have the keys to the kingdom.
Limiting powerful roles to trusted administrators prevents unauthorized users from escalating privileges by granting themselves or others high-level roles.
You notice a user cannot access a table even though they have a role that should grant access. The role hierarchy is complex. Which step is best to troubleshoot this issue?
Think about verifying the path of access step-by-step.
Access depends on the active role in the user's session and the privileges granted through the role hierarchy. Checking these helps identify missing grants or inactive roles.