Explanation:
According to Snowflake documentation and the community discussion consensus, only security administrators (users with SECURITYADMIN role or higher) or roles with the global ATTACH POLICY privilege can activate and enforce a network policy for all users in an account. Option B (SECURITYADMIN or higher role) directly addresses the security administrator requirement, while option C (role with ATTACH POLICY privilege) covers the privilege-based approach. Option A (USERADMIN) is incorrect as USERADMIN manages users but not security policies. Option D (role with NETWORK_POLICY parameter) is incorrect as this parameter doesn't grant activation rights. Option E (OWNERSHIP of network policy) is insufficient as ownership alone doesn't grant account-wide enforcement capabilities.
Ultimate access to all questions.
Which two roles can activate and enforce a network policy for all users in a Snowflake account?
A
A user with an USERADMIN or higher role
B
A user with a SECURITYADMIN or higher role
C
A role that has been granted the ATTACH POLICY privilege
D
A role that has the NETWORK_POLICY account parameter set
E
A role that has the OWNERSHIP of the network policy
No comments yet.