What role or roles should be used to properly create the object required to setup OAuth 2.0 integration?

What role or roles should be used to properly create the object required to setup OAuth 2.0 integration?
A . Any role with GRANT USAGE on SECURITY INTEGRATION
B . ACCOUNTADMIN and SYSADMIN
C . ACCOUNTADMIN and SECURITYADMIN
D . ACCOUNTADMIN only

View Answer

Answer: C

Explanation:

In Snowflake, setting up OAuth 2.0 integration typically requires two roles: ACCOUNTADMIN and SECURITYADMIN. The ACCOUNTADMIN role has the authority to create and manage the entire account, including security integrations. The SECURITYADMIN role is typically responsible for managing configurations related to security and authentication, including OAuth integrations.

Option A (Any role with GRANT USAGE on SECURITY INTEGRATION) might not be sufficient to create the necessary security integration objects. Option B (ACCOUNTADMIN and SYSADMIN) includes the SYSADMIN role, which is not necessary for setting up OAuth integrations. Option D (ACCOUNTADMIN only) might not encompass all permissions needed to create and manage security integrations, even though ACCOUNTADMIN is one of the highest privileged roles.

Therefore, the correct answer is that both ACCOUNTADMIN and SECURITYADMIN roles are required to properly create the objects needed for setting up OAuth 2.0 integration.