Exam SnowPro Core topic 1 question 4 discussion

I think the answer to this should be USERADMIN which is not in the options. So the next best answer will be SECURITYADMIN

Here the answer should be SECURITYADMIN as it is parent of USERADMIN (which is the correct answer) More details: https://docs.snowflake.com/en/user-guide/security-access-control-considerations Attention By default, when your account is provisioned, the first user is assigned the ACCOUNTADMIN role. This user should then create one or more additional users who are assigned the USERADMIN role. All remaining users should be created by the user(s) with the USERADMIN role or another role that is granted the global CREATE USER privilege.

TYPES OF ROLES: SYSTEM ROLES: ● ORGADMIN manages operations at the organizational level ● ACCOUNTADMIN performs administrative functions ● SECURITYADMIN creates and manages users and roles, and manages grants ● USERADMIN creates users and roles ● SYSADMIN creates and manages databases, schemas, and warehouses ● PUBLIC is available to all users, but (by default) cannot do anything but log in CUSTOM ROLES: ● Created by the SECURITYADMIN or USERADMIN based on a company's desired hierarchy ● Custom roles generally "roll up" to the SYSADMIN role

B.Securityadmin

correct answer:B

B. SECURITYADMIN The SECURITYADMIN role is specifically designed to handle security-related tasks, including the creation and management of users and roles. This role has the necessary privileges to manage all aspects of user and role administration, which is essential for maintaining a secure and well-managed Snowflake environment.

Security admin: creates and manges users and roles, and manages grants

Answer B

B. SECURITYADMIN

Answer B

voted B, parent of USERADMIN

SECURITYADMIN, parent of USERADMIN

SECURITY ADMIN

the best answer is : USERADMIN The user administrator (USERADMIN) role includes the privileges to create and manage users and roles. The USERADMIN role is a child of thishttps://docs.snowflake.com/en/user-guide/security-access-control-considerations role in the default access control hierarchy.

The security administrator (i.e users with the SECURITYADMIN system role) role includes the global MANAGE GRANTS privilege to grant or revoke privileges on objects in the account. The USERADMIN role is a child of this role in the default access control hierarchy.

Being as they're mentioning the default roles, the "recommended" account out of the box should be SECURITYADMIN. Can you use ACCOUNTADMIN - Yes, but it's not the recommended practice at this point based on the question.

Correct answer is SECURITY ADMIN, whose aim is create, monitor, and manage users and roles. The ACCOUNTADMIN can also do this but is very powerful and should not be assigned for everyone. It should be granted only to a limited/controlled number of users in the account. Check the source: https://docs.snowflake.com/en/user-guide/security-access-control-overview