Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
How can the Snowflake context functions be used to help determine whether a user is authorized to see data that has column-level security enforced? (Choose two.)
A.
Set masking policy conditions using CURRENT_ROLE targeting the role in use for the current session.
B.
Set masking policy conditions using IS_ROLE_IN_SESSION targeting the role in use for the current account.
C.
Set masking policy conditions using INVOKER_ROLE targeting the executing role in a SQL statement.
D.
Determine if there are OWNERSHIP privileges on the masking policy that would allow the use of any function.
E.
Assign the ACCOUNTADMIN role to the user who is executing the object.
The following examples show how to use the INVOKER_ROLE in a masking policy SQL expression.
Return NULL for unauthorized users:
CREATE OR REPLACE MASKING POLICY mask_string AS
(val string) RETURNS string ->
CASE
WHEN INVOKER_ROLE() IN ('ANALYST') THEN val
ELSE NULL
END;
A: The CURRENT_ROLE() context function returns the role currently active for the session. Masking policies can be configured to apply based on the current role, allowing different views of data based on the user's role.
C: The INVOKER_ROLE() context function returns the role that invoked the function or SQL statement. This allows masking policies to dynamically apply based on the role executing the query, ensuring data security based on the user's permissions.
Changing to A & C. Although C isn't recommended, it is the more accurate description. For B the documentation states: Verifies whether the account role is in the user’s active primary or secondary role hierarchy for the session or if the specified column contains a role that is in the user’s active primary or secondary role hierarchy for the session.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MSIDDIQUI18
4 days, 11 hours agoMSIDDIQUI18
4 days, 12 hours ago67422cb
1 month, 2 weeks agoAtomic_Gecko
4 months, 1 week agoAtomic_Gecko
4 months, 1 week ago