There are a total of 5 default system-defined roles in Snowflake:
ACCOUNTADMIN
SYSADMIN
SECURITYADMIN
USERADMIN
PUBLIC
Below is a graphical hierarchy of these roles in Snowflake.
ACCOUNTADMIN is a top-level role in the Snowflake architecture; it has the privileges of both SYSADMIN and SECURITYADMIN.
PUBLIC is a lower-level role in Snowflake. The USERADMIN role inherits all the privileges of PUBLIC and passes them on to SECURITYADMIN.
Here we will discuss what users can do when these roles are assigned.
ACCOUNTADMIN
Inherits the privileges of SYSADMIN and SECURITYADMIN.
It should be granted to a very limited number of users; users with this role can do anything with Snowflake objects.
SECURITYADMIN
The USERADMIN role is granted to the SECURITYADMIN role.
A user with this role can manage users and roles in the Snowflake architecture.
A user with this role can manage any object grants globally.
SYSADMIN
A user with this role can create data warehouses and databases.
Once custom roles are created, they need to be assigned to the SYSADMIN role.
USERADMIN
A user-level role, assigned to individual users.
A user with this role can create users and roles.
PUBLIC
This role is automatically assigned to every user.
A user will be able to create their own objects.
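
The division of duties described above, written out as an added Snowflake SQL example (not part of the original post): USERADMIN creates the role and user, the custom role is granted to SYSADMIN, SYSADMIN creates and grants the objects, and the final queries review who holds what. The names analyst_role, analyst_wh, analytics_db and jdoe are constructed for illustration, and the password value is a placeholder.

```sql
-- 1. USERADMIN: create the custom role and the user (identity management only).
USE ROLE USERADMIN;
CREATE ROLE IF NOT EXISTS analyst_role;          -- constructed name
CREATE USER IF NOT EXISTS jdoe                   -- constructed name
  PASSWORD = '<temporary-password-placeholder>'  -- placeholder, replace before use
  MUST_CHANGE_PASSWORD = TRUE
  DEFAULT_ROLE = analyst_role;

-- Attach the custom role to SYSADMIN so it sits inside the system hierarchy
-- and SYSADMIN (and therefore ACCOUNTADMIN) inherits whatever it is granted.
GRANT ROLE analyst_role TO ROLE SYSADMIN;
GRANT ROLE analyst_role TO USER jdoe;

-- 2. SYSADMIN: create the warehouse and database, then grant only what is needed.
USE ROLE SYSADMIN;
CREATE WAREHOUSE IF NOT EXISTS analyst_wh
  WITH WAREHOUSE_SIZE = 'XSMALL' AUTO_SUSPEND = 60 AUTO_RESUME = TRUE;
CREATE DATABASE IF NOT EXISTS analytics_db;

GRANT USAGE ON WAREHOUSE analyst_wh TO ROLE analyst_role;
GRANT USAGE ON DATABASE analytics_db TO ROLE analyst_role;
GRANT USAGE ON SCHEMA analytics_db.public TO ROLE analyst_role;
GRANT SELECT ON ALL TABLES IN SCHEMA analytics_db.public TO ROLE analyst_role;

-- 3. SECURITYADMIN: review the resulting grants.
USE ROLE SECURITYADMIN;
SHOW GRANTS TO ROLE analyst_role;   -- privileges the custom role holds
SHOW GRANTS OF ROLE analyst_role;   -- users and roles the custom role is granted to
SHOW GRANTS TO USER jdoe;           -- roles granted to the user

-- ACCOUNTADMIN should be held by very few users; list its current grantees.
SHOW GRANTS OF ROLE ACCOUNTADMIN;
```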