Answer: ACCOUNTADMIN, SECURITYADMIN

The correct answers are A (ACCOUNTADMIN) and B (SECURITYADMIN). In Snowflake managed access schemas, object owners lose the ability to grant privileges to prevent decentralized privilege management. Only specific roles can grant privileges on objects within managed access schemas: the schema owner (role with OWNERSHIP privilege on the schema) or any role with the MANAGE GRANTS global privilege. ACCOUNTADMIN and SECURITYADMIN are system roles that inherently possess the MANAGE GRANTS privilege, allowing them to grant object privileges in managed access schemas. The community discussion (with 100% consensus and multiple upvoted comments) confirms this, citing Snowflake documentation that explicitly states only SECURITYADMIN and ACCOUNTADMIN have the MANAGE GRANTS privilege by default. Other roles like SYSADMIN, ORGADMIN, and USERADMIN do not have this privilege unless explicitly granted, making them incorrect for this scenario.

Author: LeetQuiz Editorial Team