Snowflake Certification Practice Test

Which of the following best practices should NOT be followed regarding the ACCOUNTADMIN role?

• A. This role should be given to any user needing a high level of authority
• B. There should be at least two users granted this role
• C. All ACCOUNTADMIN users should have multi-factor authentication enabled
• D. Objects should not be created using this role

The correct answer is: This role should be given to any user needing a high level of authority

The ACCOUNTADMIN role in Snowflake is designed to have the highest privileges within the Snowflake environment. It allows users to perform all administrative tasks, including managing users, roles, and warehouses, as well as controlling access to data. Due to the extensive permissions granted by this role, best practices dictate that it should be assigned sparingly. Designating the ACCOUNTADMIN role to any user needing high levels of authority can lead to significant security vulnerabilities. If too many users have this level of access, it increases the risk of accidental data loss, unauthorized data exposure, and potential compliance issues. Instead, this role should be reserved for a limited number of trusted administrators who require such capabilities for managing the Snowflake environment effectively. This approach aligns with the principle of least privilege, which is central to cybersecurity best practices. Other best practices like having at least two users with the ACCOUNTADMIN role, enabling multi-factor authentication, and discouraging the use of this role for routine object creation are in place to enhance security and ensure effective governance, making option A the choice that contradicts these best practices.