1. An architect is designing a Snowflake Native App that will be published on the Snowflake Marketplace. The app must allow the consumer to install it in their own Snowflake account and query provider-owned data without the provider ever exposing the underlying tables directly. Which two features of the Native App Framework enable this pattern? (Select TWO.)
- A. Secure Views defined inside the application package, which restrict column-level access to the underlying provider data
- B. Shared databases attached to the application package, so the consumer account queries provider data through the app's versioned objects✓ Correct
- C. Data Sharing via a listing, so the app installs a reference to the provider's share inside the consumer account
- D. Application roles granted to consumers, which scope permissions to only the objects exposed by the app✓ Correct
- E. External tables pointing to a provider-owned S3 bucket, allowing consumers to query raw files without table grants
Explanation
In the Native App Framework, the APPLICATION PACKAGE acts as a container that bundles the application logic with references to provider data (via shares included in the package). Consumers install the app from the package, querying provider data only through the app's versioned objects — the underlying tables are never directly shared. APPLICATION ROLES are defined inside the app and granted to consumer users, scoping exactly which app objects they can access. Option A (Secure Views) is a general Snowflake feature and not a Native App-specific mechanism; while views can be used inside an app, they alone do not define the Native App data-isolation model. Option C confuses a Marketplace listing (a distribution mechanism) with the architectural pattern; the listing is how the app is published, not how data isolation is enforced. Option E (External tables on provider S3) would expose the provider's storage outside Snowflake's control and is not a Native App pattern.