Challenge - 5 Problems
Snowflake Role Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate2:00remaining
Role Privilege Scope Understanding
Which system-defined role in Snowflake has the highest level of privileges, including the ability to manage all other roles and account-level settings?
Attempts:
2 left
💡 Hint
Think about the role that controls the entire account and can assign other roles.
✗ Incorrect
The ACCOUNTADMIN role has the highest privileges in Snowflake. It can manage all other roles, users, and account-level settings. Other roles have more limited scopes.
❓ service_behavior
intermediate2:00remaining
Role Behavior on Object Ownership
If a user with the SYSADMIN role creates a new database, who becomes the owner of that database by default?
Attempts:
2 left
💡 Hint
Ownership is assigned to the role that performs the creation.
✗ Incorrect
When a user with the SYSADMIN role creates a database, the SYSADMIN role becomes the owner of that database by default.
❓ security
advanced2:00remaining
Role Hierarchy and Privilege Delegation
Which system-defined role is primarily responsible for managing role grants and user access control in Snowflake?
Attempts:
2 left
💡 Hint
This role handles security-related tasks like granting roles and privileges.
✗ Incorrect
The SECURITYADMIN role manages role grants and user access control, including creating users and assigning roles.
✅ Best Practice
advanced2:00remaining
Least Privilege Principle Application
To follow the least privilege principle, which role should be assigned to a user who only needs to create and manage warehouses but not manage users or roles?
Attempts:
2 left
💡 Hint
Consider the role that manages compute resources but not security.
✗ Incorrect
The SYSADMIN role is appropriate for managing warehouses and other objects without access to user or role management, aligning with least privilege.
❓ Architecture
expert3:00remaining
Role Usage in Multi-Account Architecture
In a Snowflake multi-account setup, which role should be used to centrally manage security policies and user access across all accounts?
Attempts:
2 left
💡 Hint
Think about a role designed for security management that can be used consistently across accounts.
✗ Incorrect
The SECURITYADMIN role is designed to manage security policies and user access. In multi-account setups, using SECURITYADMIN in each account coordinated centrally is best practice.