The correct answer is A. Use secondary roles and primary roles .
Corrected typo:
Option B contains a typing error. ACCOONTADKIN should be corrected to ACCOUNTADMIN .
Snowflake allows a session to use a primary role and, optionally, secondary roles. Secondary roles allow users to access privileges from additional granted roles without constantly switching the active primary role.
Why A is correct:
A user can activate secondary roles by using USE SECONDARY ROLES. When secondary roles are enabled, the user can use privileges granted to all active secondary roles in addition to the current primary role.
Example:
USE ROLE analyst_role;
USE SECONDARY ROLES ALL;
This allows the user to operate with privileges from the primary role and all granted secondary roles.
Why the other options are incorrect:
B. Granting ACCOUNTADMIN is excessive and violates least privilege.
C. Granting a parent role may work in some role hierarchy designs, but it is not the specific Snowflake feature that allows multiple roles to be active in a session.
D. Creating a new combined role can work administratively, but it adds operational overhead and is not as direct as using secondary roles.
Official Snowflake documentation reference:
Snowflake documentation explains that a session has one current primary role and can also activate secondary roles. Secondary roles allow the privileges of additional roles granted to the user to be considered during authorization.
[Reference: Snowflake Documentation — Role hierarchy and privilege inheritance; Snowflake Documentation — Secondary roles; SnowPro Core Study Guide — Security and Access Control., ========================]