Answer-first summary for fast verification
Answer: A user with a SECURITYADMIN or higher role, A role that has been granted the ATTACH POLICY privilege
According to Snowflake documentation and the community discussion consensus, only security administrators (users with SECURITYADMIN role or higher) or roles with the global ATTACH POLICY privilege can activate and enforce a network policy for all users in an account. Option B (SECURITYADMIN or higher role) directly addresses the security administrator requirement, while option C (role with ATTACH POLICY privilege) covers the privilege-based approach. Option A (USERADMIN) is incorrect as USERADMIN manages users but not security policies. Option D (role with NETWORK_POLICY parameter) is incorrect as this parameter doesn't grant activation rights. Option E (OWNERSHIP of network policy) is insufficient as ownership alone doesn't grant account-wide enforcement capabilities.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Which two roles can activate and enforce a network policy for all users in a Snowflake account?
A
A user with an USERADMIN or higher role
B
A user with a SECURITYADMIN or higher role
C
A role that has been granted the ATTACH POLICY privilege
D
A role that has the NETWORK_POLICY account parameter set
E
A role that has the OWNERSHIP of the network policy