Answer-first summary for fast verification
Answer: Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
The correct answer is D because the principle of least privilege should be followed. The question does not specify the need for more than read-only access to BigQuery datasets. As per best practices, it's important to grant the minimal necessary privileges. Option D gives the bigquery.dataViewer role, which is appropriate for read-only access, to the service account in the web-applications project, without unnecessarily granting broad 'project owner' permissions. This aligns with Google's recommendations for managing access control in a secure and efficient manner.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are setting up service accounts for an application that operates across various projects within Google Cloud. Specifically, virtual machines (VMs) in the "web-applications" project require access to BigQuery datasets located in the "crm-databases-proj" project. In order to adhere to Google-recommended best practices for granting access, how should you configure the service account in the "web-applications" project to achieve this?
A
Give 'project owner' role for web-applications appropriate roles to crm-databases-proj.
B
Give 'project owner' role to crm-databases-proj and the web-applications project.
C
Give 'project owner' role to crm-databases-proj and bigquery.dataViewer role to web-applications.
D
Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.
No comments yet.