Answer-first summary for fast verification
Answer: Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
The correct answer is D. This approach follows Google-recommended practices by using groups for easier management of IAM policies. Creating a custom role by removing delete permissions ensures that users cannot accidentally delete datasets. Adding users to the group and then adding the group to the custom role is aligned with best practices, as it simplifies user management and adheres to the principle of least privilege.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization requires a way to allow users to have access to query datasets in BigQuery, ensuring they can perform all necessary read operations without granting them permissions that could lead to accidental deletion or modification of the datasets. According to Google-recommended practices, what should you do?
A
Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.
B
Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.
C
Create a custom role by removing delete permissions, and add users to that role only.
D
Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
No comments yet.