Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Snowflake Exam ARA-R01 Topic 3 Question 31 Discussion

Actual exam question for Snowflake's ARA-R01 exam
Question #: 31
Topic #: 3
[All ARA-R01 Questions]

An Architect needs to grant a group of ORDER_ADMIN users the ability to clean old data in an ORDERS table (deleting all records older than 5 years), without granting any privileges on the table. The group's manager (ORDER_MANAGER) has full DELETE privileges on the table.

How can the ORDER_ADMIN role be enabled to perform this data cleanup, without needing the DELETE privilege held by the ORDER_MANAGER role?

Show Suggested Answer Hide Answer
Suggested Answer: C

This is the correct answer because it allows the ORDER_ADMIN role to perform the data cleanup without needing the DELETE privilege on the ORDERS table. A stored procedure is a feature that allows scheduling and executing SQL statements or stored procedures in Snowflake. A stored procedure can run with either the caller's rights or the owner's rights. A caller's rights stored procedure runs with the privileges of the role that called the stored procedure, while an owner's rights stored procedure runs with the privileges of the role that created the stored procedure. By creating a stored procedure that runs with owner's rights, the ORDER_MANAGER role can delegate the specific task of deleting old data to the ORDER_ADMIN role, without granting the ORDER_ADMIN role more general privileges on the ORDERS table. The stored procedure must include the appropriate business logic to delete only the records older than 5 years, and the ORDER_MANAGER role must grant the USAGE privilege on the stored procedure to the ORDER_ADMIN role.The ORDER_ADMIN role can then execute the stored procedure to perform the data cleanup12.


Snowflake Documentation: Stored Procedures

Snowflake Documentation: Understanding Caller's Rights and Owner's Rights Stored Procedures

by Renay at Apr 04, 2025, 01:38 AM

Limited Time Offer

25%

Off

Get Premium ARA-R01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Nancey
18 days ago
Wait, is the ORDER_MANAGER role allowed to own the procedure in the first place? Seems like a potential security risk. I'd go with option B to be on the safe side.
upvoted 0 times
...
Emiko
20 days ago
Haha, D is a classic 'this is not possible' answer. At least the question is giving us a real-world scenario to work with.
upvoted 0 times
Ressie
2 days ago
A) Create a stored procedure that runs with caller's rights, including the appropriate '> 5 years' business logic, and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
upvoted 0 times
...
...
Shelba
30 days ago
Ah, I see. Option A looks like it would work too, but having the ORDER_MANAGER own the procedure is a bit sketchy. I don't know, I'm torn between B and C.
upvoted 0 times
Sherell
16 days ago
I think Option A is the best choice. It allows ORDER_ADMIN to clean old data without needing DELETE privilege.
upvoted 0 times
...
...
Louisa
1 months ago
I think option C is the way to go. Keeping the business logic in the stored procedure and running it with the owner's rights is a cleaner approach.
upvoted 0 times
Carisa
19 days ago
That's a good point, but I think having the business logic in the stored procedure itself, like in option C, is more organized.
upvoted 0 times
...
Naomi
21 days ago
But wouldn't it be better to have the flexibility of choosing rights during execution, like in option B?
upvoted 0 times
...
Selene
1 months ago
I agree, option C seems like the most secure way to handle this.
upvoted 0 times
...
...
Rose
1 months ago
I'm not sure about option A. Maybe we should consider option B as well, since it allows the user to specify rights during execution.
upvoted 0 times
...
Apolonia
2 months ago
I agree with Nikita. Option A seems like the most secure and efficient solution for this scenario.
upvoted 0 times
...
Oretha
2 months ago
Hmm, option B seems like the best choice here. Giving the ORDER_ADMIN users the ability to choose which rights to use during execution is a pretty neat solution.
upvoted 0 times
Alease
True, but with option B, ORDER_ADMIN can have more control over the execution rights.
upvoted 0 times
...
My
23 hours ago
But wouldn't option A also work since it grants USAGE on the procedure to ORDER_ADMIN?
upvoted 0 times
...
Tuyet
8 days ago
I agree, option B sounds flexible and secure.
upvoted 0 times
...
Maryann
16 days ago
I see your point. Having the ability to choose rights during execution can be beneficial in this case.
upvoted 0 times
...
Amina
20 days ago
True, option A could work as well, but option B gives more control to the ORDER_ADMIN users.
upvoted 0 times
...
Kayleigh
23 days ago
But wouldn't option A also work since it grants USAGE on the procedure to ORDER_ADMIN?
upvoted 0 times
...
Michel
24 days ago
I agree, option B sounds like a flexible solution for this scenario.
upvoted 0 times
...
...
Nikita
2 months ago
I think option A is the best choice. It allows ORDER_ADMIN to clean old data without needing DELETE privilege.
upvoted 0 times
...

Save Cancel