Snowflake Exam ARA-R01 Topic 3 Question 5 Discussion

Actual exam question for Snowflake's ARA-R01 exam

Question #: 5
Topic #: 3

[All ARA-R01 Questions]

Role A has the following permissions:

. USAGE on db1

. USAGE and CREATE VIEW on schemal in db1

. SELECT on tablel in schemal

Role B has the following permissions:

. USAGE on db2

. USAGE and CREATE VIEW on schema2 in db2

. SELECT on table2 in schema2

A user has Role A set as the primary role and Role B as a secondary role.

What command will fail for this user?

Ause database db1;
use schema schemal;
create view v1 as select * from db2.schema2.table2;

Buse database db2;
use schema schema2;
create view v2 as select * from dbl.schemal. tablel;

Cuse database db2;
use schema schema2;
select * from db1.schemal.tablel union select * from table2;

Duse database db1;
use schema schemal;
select * from db2.schema2.table2;

Show Suggested Answer

Suggested Answer: B

This command will fail because while the user has USAGE permission on db2 and schema2 through Role B, and can create a view in schema2, they do not have SELECT permission on db1.schemal.table1 with Role B. Since Role A, which has SELECT permission on db1.schemal.table1, is not the currently active role when the view v2 is being created in db2.schema2, the user does not have the necessary permissions to read from db1.schemal.table1 to create the view. Snowflake's security model requires that the active role have all necessary permissions to execute the command.

by Bea at Apr 20, 2024, 05:48 PM

Limited Time Offer

25%

11 months ago

The command that will fail is option C

upvoted 0 times

...