Answer-first summary for fast verification
Answer: Ownership privilege on both the user and the network policy
According to Snowflake documentation and the community consensus (with multiple comments citing the official docs and receiving upvotes), to activate a network policy for an individual user, the role must have OWNERSHIP privilege on both the user and the network policy, or be a higher role. While SECURITYADMIN is a high-level role, it still requires explicit ownership on both objects to apply the policy to a specific user. Option B (global ATTACH POLICY privilege) is for account-level application, not individual users. Option C is incorrect because ownership on just the role that created the policy is insufficient - direct ownership on the user is also required. Option A (EXECUTE TASK) is unrelated to network policy management.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Which privilege allows a user with the SECURITYADMIN role to apply a network policy to a specific user?
A
A role that has been granted the EXECUTE TASK privilege
B
A role that has been granted the global ATTACH POLICY privilege
C
Ownership privilege on only the role that created the network policy
D
Ownership privilege on both the user and the network policy
No comments yet.