Exam SnowPro Core topic 1 question 59 discussion

By default, a newly-created role is not assigned to any user, nor granted to any other role. https://docs.snowflake.com/en/user-guide/security-access-control-overview.html

The answer is A. True. In Snowflake, when a user creates a role, they automatically become the owner of that role and retain ownership until it is explicitly transferred to another user. This is an important security concept in Snowflake's access control model: Key points: - The creator of a role becomes its owner by default - Role ownership gives special privileges for managing that role - Only the role owner can grant or revoke role privileges (unless ownership is transferred) - Ownership transfer must be done explicitly using the GRANT OWNERSHIP command - Role ownership is distinct from role membership This is important for the SnowPro Core exam as it relates to Snowflake's security model and role-based access control (RBAC) implementation.

**True.** When a user creates a role in Snowflake, they are automatically assigned as the owner of that role. This ownership includes the ability to grant privileges, revoke privileges, and transfer ownership of the role. The user retains ownership of the role until it is explicitly transferred to another user, typically using the `GRANT OWNERSHIP` command. Ownership transfer is required if someone else needs to fully control or manage that role's permissions.

That’s correct! In Snowflake, when a user creates a role, they are automatically assigned ownership of that role. This ownership includes the ability to grant and revoke privileges on the role, as well as the ability to transfer ownership to another user. The user retains ownership until they explicitly transfer it to someone else.

Correct answer:B ownership cannot be transfered

The answer is False. When a user creates a role, they are initially assigned the CREATE_ROLE privilege on the role. However, they do not automatically become the owner of the role. The ownership of the role is initially set to the SYSADMIN role. To become the owner of the role, the user must use the GRANT OWNERSHIP command. Once the user has become the owner of the role, they can manage the role and grant and revoke privileges on the role to other users. Therefore, the correct answer is False.

The statement is true: When a user creates a role, they are initially assigned ownership of the role, and they maintain ownership until it is transferred to another user. In many role-based access control systems or permission management systems, the user who creates a role is automatically designated as the owner of that role, and they have the authority to manage and modify the role's permissions and settings.

false once a role is created it has no function unless assigned or granted.

Seems like a tricky-wording question :/ Users don't own nothin

A is the answer.

To own an object means that a role has the OWNERSHIP privilege on the object. Each securable object is owned by a single role, which by default is the role used to create the object. When this role is assigned to users, they effectively have shared control over the object. In a regular schema, the owner role has all privileges on the object by default, including the ability to grant or revoke privileges on the object to other roles. In addition, ownership can be transferred from one role to another. However, in a managed access schema, object owners lose the ability to make grant decisions. Only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant privileges on objects in the schema.

A. is the correct answer

Snowflake does not follow user based access control like oracle

B is correct

OPtion B is correct

Custom roles (i.e. any roles other than the system-defined roles) can be created by the USERADMIN role (or a higher role) as well as by any role to which the CREATE ROLE privilege has been granted. By default, a newly-created role is not assigned to any user, nor granted to any other role.

False. Ownership transfer from role to role.