Which of the following commands does the Architect need to run for USER1 to find the tables using the Principle of Least Privilege?

An Architect entered the following commands in sequence:

USER1 cannot find the table.

Which of the following commands does the Architect need to run for USER1 to find the tables using the Principle of Least Privilege? (Choose two.)
A . GRANT ROLE PUBLIC TO ROLE INTERN;
B . GRANT USAGE ON DATABASE SANDBOX TO ROLE INTERN;
C . GRANT USAGE ON SCHEMA SANDBOX.PUBLIC TO ROLE INTERN;
D . GRANT OWNERSHIP ON DATABASE SANDBOX TO USER INTERN;
E . GRANT ALL PRIVILEGES ON DATABASE SANDBOX TO ROLE INTERN;

View Answer

Answer: B, C

Explanation:

According to the Principle of Least Privilege, the Architect should grant the minimum privileges necessary for the USER1 to find the tables in the SANDBOX database.

The USER1 needs to have USAGE privilege on the SANDBOX database and the SANDBOX.PUBLIC schema to be able to access the tables in the PUBLIC schema. Therefore, the commands B and C are the correct ones to run.

The command A is not correct because the PUBLIC role is automatically granted to every user and role in the account, and it does not have any privileges on the SANDBOX database by default. The command D is not correct because it would transfer the ownership of the SANDBOX database from the Architect to the USER1, which is not necessary and violates the Principle of Least Privilege. The command E is not correct because it would grant all the possible privileges on the SANDBOX database to the USER1, which is also not necessary and violates the Principle of Least Privilege.

Reference: Snowflake – Principle of Least Privilege: Snowflake – Access Control Privileges: Snowflake – Public Role: Snowflake – Ownership and Grants