Based on a post by Venkatesh Sekar, but with lots of code cleanup.
You may be asked to participate in a security and audit review and have to answer some questions like these:
- How are our users connected to Snowflake?
- What are the custom roles that we implemented?
- Which users are assigned to which hierarchy?
- What are the privileges assigned to a particular role, and which privileges are granted via inheritance?
- Given a database object such as a table, how is that table accessed by a specific user and through which roles?
- Are there any ghost or zombie roles?
- Are the roles inherited by SYSADMIN or SECURITYADMIN?
- Which users are assigned to ACCOUNTADMIN?
- Are any tables being created and assigned to SYSADMIN, contrary to best practices?
- Can you provide a visual representation of users, roles, and grants in Snowflake?
And so on and so forth.