Chat GPT is saying C
While "SECURITYADMIN" is a recommended role for creating databases, it's essential to configure this role's privileges and restrictions appropriately, as well as consider any specific organizational policies and requirements related to database creation and administration.
Yes, sysadmin can create users. Sysadmin is effectively a superuser so it can create multiple objects. However, by least privileges principles, you really shouldn't be using these privileged accounts all the time. There is a reason the useradmin account exists - this is so more users with minimal privs can be created and used.
https://docs.snowflake.com/en/user-guide/admin-user-management
In the link above, it says "The USERADMIN system role can create users using SQL (CREATE USER).
If you prefer to use a custom role for this purpose, grant the CREATE USER privilege on the account to this role.".
This suggests to me that snowflake is recommending users be created with useradmin and not sysadmin.
The question is: According to Snowflake best practice recommendations, which role should be used to create databases?
It is not asking which role should be used to create users?
The system administrator (SYSADMIN) role includes the privileges to create warehouses, databases, and all database objects (schemas, tables, etc.).
https://docs.snowflake.com/en/user-guide/security-access-control-considerations.html#:~:text=The%20system%20administrator%20(SYSADMIN)%20role,%2C%20tables%2C%20etc.).
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Mallikharjuna452
9 months, 3 weeks ago_yyukta
1 year, 2 months agoAfzy
1 year, 6 months agoMultiCloudIronMan
1 year, 10 months agoc0d3g
1 year, 10 months agoOscarWest2023
1 year, 11 months agoc0d3g
1 year, 10 months agoSV1122
2 years, 4 months agoKate0204
2 years, 5 months ago