Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Snowflake Discussions
exam questions

Exam SnowPro Advanced Architect All Questions

View all questions & answers for the SnowPro Advanced Architect exam
Go to Exam

Exam SnowPro Advanced Architect topic 1 question 99 discussion

Actual exam question from Snowflake's SnowPro Advanced Architect
Question #: 99
Topic #: 1
[All SnowPro Advanced Architect Questions]

How can the Snowflake context functions be used to help determine whether a user is authorized to see data that has column-level security enforced? (Choose two.)

  • A. Set masking policy conditions using CURRENT_ROLE targeting the role in use for the current session.
  • B. Set masking policy conditions using IS_ROLE_IN_SESSION targeting the role in use for the current account.
  • C. Set masking policy conditions using INVOKER_ROLE targeting the executing role in a SQL statement.
  • D. Determine if there are OWNERSHIP privileges on the masking policy that would allow the use of any function.
  • E. Assign the ACCOUNTADMIN role to the user who is executing the object.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by Atomic_Gecko at March 1, 2024, 11:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
MSIDDIQUI18
4 months, 2 weeks ago
The following examples show how to use the INVOKER_ROLE in a masking policy SQL expression. Return NULL for unauthorized users: CREATE OR REPLACE MASKING POLICY mask_string AS (val string) RETURNS string -> CASE WHEN INVOKER_ROLE() IN ('ANALYST') THEN val ELSE NULL END;
upvoted 1 times
...
MSIDDIQUI18
4 months, 2 weeks ago
A: The CURRENT_ROLE() context function returns the role currently active for the session. Masking policies can be configured to apply based on the current role, allowing different views of data based on the user's role. C: The INVOKER_ROLE() context function returns the role that invoked the function or SQL statement. This allows masking policies to dynamically apply based on the role executing the query, ensuring data security based on the user's permissions.
upvoted 2 times
...
67422cb
6 months ago
Which you then use to determine whether the column is visible in a data masking arrangement. Why can't B be used?
upvoted 1 times
...
Atomic_Gecko
8 months, 3 weeks ago
Changing to A & C. Although C isn't recommended, it is the more accurate description. For B the documentation states: Verifies whether the account role is in the user’s active primary or secondary role hierarchy for the session or if the specified column contains a role that is in the user’s active primary or secondary role hierarchy for the session.
upvoted 1 times
...
Atomic_Gecko
8 months, 3 weeks ago
A & B are correct answers
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel