The query that Snowflake provides to identify privileged users is wrong.

I wrote a better version here: https://gist.github.com/titan-teej/924dcb42604a98b90d6419262...

TL;DR they don't check for users who can transitively gain admin access.