A Snowflake organization MYORG consists of two Snowflake accounts:
The ACCOUNT1 has a database PROD_DB and the ORGADMIN role enabled.
Management wants to have the PROD_DB database replicated to ACCOUNT2.
Are there any necessary configuration steps in ACCOUNT1 before the database replication can be configured and initiated in ACCOUNT2?
According to the Snowflake documentation1, database replication across accounts within the same organization requires the following steps:
* Link the accounts in the organization using the ORGADMIN role.
* Enable account database replication for both the source and target accounts using the SYSTEM$GLOBAL_ACCOUNT_SET_PARAMETER function.
* Promote a local database to serve as the primary database and enable replication to the target accounts using the ALTER DATABASE ... ENABLE REPLICATION TO ACCOUNTS command.
* Create a secondary database in the target account using the CREATE DATABASE ... FROM SHARE command.
* Refresh the secondary database periodically using the ALTER DATABASE ... REFRESH command.
Option A is incorrect because it does not include the step of creating a secondary database in the target account. Option C is incorrect because replicating databases across accounts within the same organization is not enabled by default, but requires enabling account database replication for both the source and target accounts. Option D is incorrect because it is possible to replicate a database from an Enterprise edition Snowflake account to a Standard edition Snowflake account, as long as the IGNORE EDITION CHECK option is used in the ALTER DATABASE ... ENABLE REPLICATION TO ACCOUNTS command2. Option B is correct because it includes all the necessary configuration steps in ACCOUNT1, except for creating a secondary database in ACCOUNT2, which can be done after the replication is enabled.
The following SQL command was executed:
Use role SECURITYADMIN;
Grant ownership
On future tables
In schema PROD. WORKING
To role PROD_WORKING_OWNER;
Grant role PROD_WORKING_OWNER to role SYSADMIN;
Use role ACCOUNTADMIN;
Create table PROD.WORKING.XYZ (value number) ;
Which role(s) can alter or drop table XYZ?
According to the GRANT OWNERSHIP documentation, the ownership privilege grants full control over the table and can only be held by one role at a time. However, the current owner can also grant the ownership privilege to another role, which transfers the ownership to the new role. In this case, the SECURITYADMIN role granted the ownership privilege on future tables in the PROD.WORKING schema to the PROD_WORKING_OWNER role. This means that any table created in that schema after the grant statement will be owned by the PROD_WORKING_OWNER role. Therefore, the PROD_WORKING_OWNER role can alter or drop table XYZ, which was created by the ACCOUNTADMIN role in the PROD.WORKING schema. Additionally, the ACCOUNTADMIN role can also alter or drop table XYZ, because it is the top-level role that has all privileges on all objects in the account. Furthermore, the SYSADMIN role can also alter or drop table XYZ, because it was granted the PROD_WORKING_OWNER role by the SECURITYADMIN role. The SYSADMIN role can activate the PROD_WORKING_OWNER role and inherit its privileges, including the ownership privilege on table XYZ. The SECURITYADMIN role cannot alter or drop table XYZ, because it does not have the ownership privilege on the table, nor does it have the PROD_WORKING_OWNER role.
An Administrator has a table named SALES_DATA which needs some edits, but the Administrator does not want to change the main table data. The Administrator decides to
make a transient copy of this table and wants the transient table to have all the same permissions as the original table.
How can the Administrator create the transient table so it inherits the same permissions as the original table, and what considerations need to be made concerning the
requirements? (Select TWO).
According to the Snowflake documentation1, the COPY GRANTS option can be used to copy all privileges, except OWNERSHIP, from the existing table to the new transient table. This option also preserves any future grants defined for the object type in the schema. Option A is incorrect because it does not copy any grants from the original table. Option C is incorrect because it does not copy the data from the original table, only the structure and grants. Option E is incorrect because transient tables are not session-based and do not have a Fail-safe period, but they do have a Time Travel retention period2.
1: CREATE TABLE | Snowflake Documentation 2: Working with Temporary and Transient Tables | Snowflake Documentation
What roles or security privileges will allow a consumer account to request and get data from the Data Exchange? (Select TWO).
According to the Accessing a Data Exchange documentation, a consumer account can request and get data from the Data Exchange using either the ACCOUNTADMIN role or a role with the IMPORT SHARE and CREATE DATABASE privileges. The ACCOUNTADMIN role is the top-level role that has all privileges on all objects in the account, including the ability to request and get data from the Data Exchange. A role with the IMPORT SHARE and CREATE DATABASE privileges can also request and get data from the Data Exchange, as these are the minimum privileges required to create a database from a share. The other options are incorrect because:
* A. The SYSADMIN role does not have the privilege to request and get data from the Data Exchange, unless it is also granted the IMPORT SHARE and CREATE DATABASE privileges. The SYSADMIN role is a pre-defined role that has all privileges on all objects in the account, except for the privileges reserved for the ACCOUNTADMIN role, such as managing users, roles, and shares.
* B. The SECURITYADMIN role does not have the privilege to request and get data from the Data Exchange, unless it is also granted the IMPORT SHARE and CREATE DATABASE privileges. The SECURITYADMIN role is a pre-defined role that has the privilege to manage security objects in the account, such as network policies, encryption keys, and security integrations, but not data objects, such as databases, schemas, and tables.
* E. The IMPORT PRIVILEGES and SHARED DATABASE are not valid privileges in Snowflake. The correct privilege names are IMPORT SHARE and CREATE DATABASE, as explained above.
DatabaseA has a single schema called Schema1. This schema contains many tables and views. The ANALYST role has privileges to select from all objects in
DatabaseA. Schema1. The SYSADMIN role clones DatabaseA to DatabaseA_clone.
What privileges does the ANALYST role have on tables and views in DatabaseA_clone? (Select TWO).
According to the Snowflake documentation, when a database or schema is cloned, the clone inherits all granted privileges on the clones of all child objects contained in the source object, such as tables and views. However, the clone of the container itself does not inherit the privileges granted on the source container. Therefore, the ANALYST role will have SELECT privilege on all tables and views in DatabaseA_clone.Schema1, but not USAGE privilege on the database or schema. The type of view (secure or non-secure) does not affect the cloning of privileges.
Edwin
16 days agoNieves
2 months agoDaniel
3 months agoBrande
4 months agoTamar
5 months agoAdria
5 months agoJerilyn
6 months agoLindsey
6 months agoSunny
7 months agoLatia
7 months agoMike
7 months agoJaime
8 months agoSylvie
8 months agoGilma
8 months agoPeggie
9 months agoReid
9 months agoMarge
9 months agoErasmo
10 months agoKenda
10 months agoCarey
10 months agoJerilyn
10 months agoEden
11 months agoSanjuana
11 months agoNicolette
12 months agoYoko
1 years agoLou
1 years agoFreida
1 years agoArthur
1 years agoTamar
1 years agoChristiane
1 years agoLai
1 years ago