What is a characteristic of Role-Based Access Control (RBAC) as used in Snowflake?
A. Privileges can be granted at the database level and can be inherited by all underlying objects.
B. A user can use a "super-user" access along with SECURITYADMIN to bypass authorization checks and access all databases, schemas, and underlying objects.
C. A user can create managed access schemas to support future grants and ensure only schema owners can grant privileges to other roles.
D. A user can create managed access schemas to support current and future grants and ensure only object owners can grant privileges to other roles.
In a regular schema, the owner role has all privileges on the object by default, including the ability to grant or revoke privileges on the object to other roles. In addition, ownership can be transferred from one role to another. However, in a managed access schema, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema.
https://docs.snowflake.com/en/user-guide/security-access-control-overview
D is correct: With managed access schemas, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema, including future grants, centralizing privilege management.
Arkitekt
1 month, 2 weeks ago
Atomic_Gecko
10 months ago
Atomic_Gecko
10 months ago