ATTACH POLICY is used to activate the network policy for an account and hence B is not applicable
Since network policy is applied at the user level , C is not applicable
By snowflake documentation, network policy is applied both at the user and the account level. to apply at the user level, the SECURITY ADMIN should have the additional privilege of OWNERSHIP on the USER and the NETWORK
D
Activate network policies for individual users
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
Option B is not correct. This option applies to creating a network policy for an account.
https://docs.snowflake.com/en/user-guide/network-policies#activating-a-network-policy
D. Ownership privilege on both the user and the network policy
In Snowflake, to activate a network policy for an individual user, the user with the SECURITYADMIN role needs ownership privileges on both the user account and the network policy. This ensures the necessary permissions to manage and activate network policies for specific users.
C is the answer.
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
Here key is the "or a higher role". Security admin is higher role to relevant user so direct ownership of user is not required but the network policy is required.
It is recommended but not guaranteed that SECURITYADMIN is always owner of a role. ACCOUNTADMIN, for example, can create a custom role as a high level (parallel with SECURITYADMIN) admin and can give a global CREATE ROLE privilege according to organization's needs. In this case only OWNERSHIP privilege of SECURITYADMIN cannot ensure to attach the policy to the user (which created by either ACCOUNTADMIN or a role for which SECURITYADMIN is not a higher role)
The correct answer is D.
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
https://docs.snowflake.com/en/user-guide/network-policies#activating-network-policies-for-individual-users
D
https://docs.snowflake.com/en/user-guide/network-policies#activating-network-policies-for-individual-users:~:text=Only%20the%20role%20with%20the%20OWNERSHIP%20privilege%20on%20both%20the%20user%20and%20the%20network%20policy%2C%20or%20a%20higher%20role%2C%20can%20activate%20a%20network%20policy%20for%20an%20individual%20user
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
https://docs.snowflake.com/en/user-guide/network-policies
Answer is D.
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
Answer is B.
Only the role with the OWNERSHIP privilege on both the user and the network policy, or a higher role, can activate a network policy for an individual user.
Only security administrators (i.e. users with the SECURITYADMIN role) or higher or a role with the global CREATE NETWORK POLICY privilege can create network policies. Ownership of a network policy can be transferred to another role. Click Admin » Security » Network Policies.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
user_1011
1 month, 2 weeks ago0e504b5
10 months, 3 weeks agoSunnyb
11 months, 2 weeks agoLearner21525
1 year, 1 month agoumidjon03
1 year agoBobFar
1 year, 2 months agodmitriypo
1 year, 7 months agoMultiCloudIronMan
1 year, 8 months agoGiselaS
1 year, 9 months agojtm22
1 year, 9 months agoKarBiswa
1 year, 9 months agopsilvabr
1 year, 9 months agofalo10
1 year, 10 months agoShagunMittal
1 year, 10 months agoShagunMittal
1 year, 10 months agoEmiB
1 year, 9 months agoEmiB
1 year, 9 months agomuks86
1 year, 10 months ago