Answer: ACCOUNTADMIN, Any role that has the global ATTACH POLICY privilege

The question asks which roles can activate a network policy for users in a Snowflake account, requiring two answers. According to Snowflake documentation and the community discussion consensus (with AE receiving 80% of votes and multiple upvoted comments supporting it), only security administrators (SECURITYADMIN role) or higher, or any role with the global ATTACH POLICY privilege, can perform this action. Option A (ACCOUNTADMIN) is correct because it is a higher role than SECURITYADMIN. Option E is correct because any role with the global ATTACH POLICY privilege can activate network policies. Option B (USERADMIN) is incorrect as it is lower than SECURITYADMIN and lacks the necessary privileges. Option C (PUBLIC) is incorrect as it is a low-privilege role. Option D (SYSADMIN) is incorrect as it focuses on system administration, not security policies. The community discussion strongly supports AE, with detailed reasoning that aligns with Snowflake's security model.

Author: LeetQuiz Editorial Team