If a user is associated with both an account-level and a user-level network policy, which policy takes precedence?

Master the SnowPro Advanced Architect Test with flashcards, multiple-choice questions, and detailed explanations. Prepare thoroughly for your certification!

Multiple Choice

If a user is associated with both an account-level and a user-level network policy, which policy takes precedence?

Explanation:
The key idea is specificity: a user-level policy applies specifically to that individual, so it governs that user even when an account-level policy also exists. When both policies exist, the user-level policy takes precedence because it is more targeted. That means the user’s access decisions are determined by the user-level rules for that user; the account-level policy only applies to users who don’t have their own user-level policy. For example, if the account-wide policy allows a broad IP range but a particular user has a user-level policy restricting to a smaller range, that user will be limited to the smaller range. If no user-level policy exists for someone, the account-level policy controls them.
