The correct answers are A and D because Snowflake's access control system explicitly combines elements of both Discretionary Access Control (DAC) and Role-Based Access Control (RBAC). According to Snowflake's official documentation and the community discussion with 100% consensus, DAC is implemented through object ownership where owners can grant access to other users, while RBAC is implemented through the assignment of privileges to roles that are then assigned to users. The other options are incorrect: B (IAM) is a broader AWS service, not a specific security model; C (MAC) is a different model not used in Snowflake's core access control; E (SAML) is an authentication protocol, not an access control model.