Day 3: Security, Data Sharing, Cost & New Features 2026
Snowflake · Section 7 of 8


Pro Tip
Time: 5-6 hours | Priority: HIGH — Security + new features differentiate senior candidates
Context: GDPR compliance, multiple airline partners, travel data governance
Approach: Simple explanation → analogy → technical depth → code → interview tip

SECTION 1: RBAC — ROLE-BASED ACCESS CONTROL (1 hour)

Q1: What is RBAC in Snowflake? What are the system roles?

Simple Explanation: RBAC (Role-Based Access Control) is how Snowflake controls who can access what. Instead of giving permissions directly to users, you give permissions to roles, and then assign roles to users. This makes it easy to manage 1000 users: change the role once, and every user who holds it is updated.

Real-world analogy: In a hotel, instead of giving each employee their own set of physical keys, you give them a "key card type" (role). Reception key cards open the lobby, rooms and storage. Manager cards open everything. If you change what a Reception card can open, ALL receptionists are automatically updated.
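The privileges-to-role, role-to-user model described above, written as Snowflake SQL. This is an added example, not code from the original course page. It uses the built-in roles covered in the system roles list, and ends with two audit queries for the ACCOUNTADMIN warnings given there. The names booking_analyst, travel_db, bookings, analyst_wh and alice are hypothetical and assumed to exist where noted.

```sql
-- Added example. All object, role and user names are hypothetical.
-- Assumes travel_db.bookings, warehouse analyst_wh and user alice already exist.

-- 1. Create the role (USERADMIN can create users and roles only).
USE ROLE USERADMIN;
CREATE ROLE IF NOT EXISTS booking_analyst
  COMMENT = 'Read-only access to booking data';

-- 2. Attach privileges to the role, never to a user.
--    SECURITYADMIN holds MANAGE GRANTS, so it can grant on any object.
USE ROLE SECURITYADMIN;
GRANT USAGE ON WAREHOUSE analyst_wh TO ROLE booking_analyst;
GRANT USAGE ON DATABASE travel_db TO ROLE booking_analyst;
GRANT USAGE ON SCHEMA travel_db.bookings TO ROLE booking_analyst;
GRANT SELECT ON ALL TABLES IN SCHEMA travel_db.bookings TO ROLE booking_analyst;
-- Future grant: tables created later are covered without another GRANT.
GRANT SELECT ON FUTURE TABLES IN SCHEMA travel_db.bookings TO ROLE booking_analyst;

-- 3. Roll the custom role up to SYSADMIN so it is not orphaned.
GRANT ROLE booking_analyst TO ROLE SYSADMIN;

-- 4. Assign the role to the user and make it the default (not ACCOUNTADMIN).
GRANT ROLE booking_analyst TO USER alice;
ALTER USER alice SET DEFAULT_ROLE = booking_analyst;

-- 5. Verify what the role can do, and who holds it.
SHOW GRANTS TO ROLE booking_analyst;
SHOW GRANTS OF ROLE booking_analyst;

-- The audits below read ACCOUNT_USAGE views; run them under a role that has
-- access to the SNOWFLAKE database. These views lag behind live changes.

-- 6. Audit: users whose default role is ACCOUNTADMIN (should return no rows).
SELECT name, default_role
FROM snowflake.account_usage.users
WHERE default_role = 'ACCOUNTADMIN'
  AND deleted_on IS NULL;

-- 7. Audit: everyone currently granted ACCOUNTADMIN (expect 2-3 senior admins).
SELECT grantee_name, granted_by, created_on
FROM snowflake.account_usage.grants_to_users
WHERE role = 'ACCOUNTADMIN'
  AND deleted_on IS NULL
ORDER BY created_on;
```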

The System Roles (Snowflake's built-in roles):

ACCOUNTADMIN (top of hierarchy — most powerful)
│ Owns everything. Sees billing, account settings, all objects.
│ ⚠️ NEVER use for daily work. Reserved for 2-3 senior admins only.
│ ⚠️ Do NOT set as default role for any user!
SECURITYADMIN
│ Can create and manage ALL roles and users
│ Grants/revokes privileges on objects (MANAGE GRANTS)
│ Used for: creating custom roles, assigning privileges
USERADMIN
│ Can create users and roles ONLY
│ Cannot grant privileges on data objects
│ Used for: onboarding new employees
SYSADMIN
│ Can create warehouses, databases, schemas, tables
│ All custom roles should inherit UP to SYSADMIN
│ Used for: creating all data infrastructure
│ ⚠️ Best practice: custom