Snowflake System Roles – USERADMIN vs SECURITYADMIN

The USERADMIN role did not exist before April 2020. It was introduced as an improvement that lets accounts separate the management of users and roles from the SECURITYADMIN role, if desired.

You can use either system role to GRANT ROLE. The best practice should be determined by your own security policy.

Because the USERADMIN role is assigned to the SECURITYADMIN role, users with the SECURITYADMIN role can still administer users and roles. However, companies can now assign the USERADMIN role to separate the management of users and roles from the management of all grants.

Use of the USERADMIN role to separate these duties is optional. The decision to use the USERADMIN role is driven entirely by the security model implemented for your account.

My own recommendation: since USERADMIN can GRANT ROLE and is the more restricted role, use USERADMIN when granting roles.
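The split of duties described above, as an added example that is not from the original post: USERADMIN creates the user and role and grants the role, while SECURITYADMIN handles the object grant. The names analyst_role, jdoe and analytics_db are hypothetical, and the example assumes both system roles still hold only their default privileges.

```sql
-- Added example; analyst_role, jdoe and analytics_db are hypothetical names.
-- Assumes USERADMIN and SECURITYADMIN hold only their default privileges.

-- 1. User and role management: done as USERADMIN
USE ROLE USERADMIN;

CREATE ROLE IF NOT EXISTS analyst_role;     -- USERADMIN becomes the owner of the role

CREATE USER IF NOT EXISTS jdoe              -- authentication settings omitted here
  DEFAULT_ROLE = analyst_role;              -- sets the default only, grants nothing

GRANT ROLE analyst_role TO USER jdoe;       -- allowed: USERADMIN owns analyst_role
GRANT ROLE analyst_role TO ROLE SYSADMIN;   -- keeps the custom role in the hierarchy

-- USERADMIN has no MANAGE GRANTS privilege, so it cannot grant privileges
-- on objects it does not own. Run under USERADMIN, this statement would fail:
--   GRANT USAGE ON DATABASE analytics_db TO ROLE analyst_role;

-- 2. Grant management: done as SECURITYADMIN, which holds MANAGE GRANTS
USE ROLE SECURITYADMIN;

GRANT USAGE ON DATABASE analytics_db TO ROLE analyst_role;

-- 3. Review who holds each administrative role and what was granted
SHOW GRANTS OF ROLE SECURITYADMIN;          -- users and roles holding SECURITYADMIN
SHOW GRANTS OF ROLE USERADMIN;              -- users and roles holding USERADMIN
SHOW GRANTS TO ROLE analyst_role;           -- privileges the new role received
SHOW GRANTS TO USER jdoe;                   -- roles granted to the new user
```

Keeping the list returned by SHOW GRANTS OF ROLE SECURITYADMIN short is what makes the separation meaningful, since anyone holding SECURITYADMIN inherits USERADMIN as well.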

