Complete the code to create a role with read-only access.
CREATE ROLE [1];The data_reader role is typically used for read-only access, which supports governance by limiting data modification.
Complete the code to grant SELECT permission on a table to a role.
GRANT [1] ON TABLE sales_data TO ROLE data_reader;SELECT permission allows read access to the table, which is essential for data governance to ensure controlled data viewing.
Fix the error in the code to revoke a role's access properly.
REVOKE [1] ON DATABASE analytics FROM ROLE data_analyst;USAGE permission on a database allows a role to access it. Revoking USAGE removes access, which is key for governance.
Fill both blanks to create a secure masking policy and apply it to a column.
CREATE MASKING POLICY [1] AS (val STRING) RETURNS STRING -> CASE WHEN CURRENT_ROLE() [2] 'data_reader' THEN val ELSE '****' END;
The masking policy mask_ssn hides sensitive data unless the current role exactly matches data_reader.
Fill all three blanks to grant a masking policy to a column in a table.
ALTER TABLE customer_data ALTER COLUMN [1] SET MASKING POLICY [2]; GRANT [3] ON TABLE customer_data TO ROLE data_reader;
The ssn column is masked by mask_ssn policy, and SELECT permission is granted to the data_reader role for controlled access.