The Development and External teams currently hold the project viewer Identity and Access Management (IAM) role for a folder named Visualization. Your objective is to configure permissions such that the Development Team can read data from both Google Cloud Storage and BigQuery, while ensuring that the External Team's access is restricted to reading data only from BigQuery. How would you accomplish this?

Exam-Like

Remove Cloud Storage IAM permissions to the External Team on the acme-raw-data project.

18.2%

Create Virtual Private Cloud (VPC) firewall rules on the acme-raw-data project that deny all ingress traffic from the External Team CIDR range.

9.1%

Create a VPC Service Controls perimeter containing both projects and BigQuery as a restricted API. Add the External Team users to the perimeter's Access Level.

15.2%

Create a VPC Service Controls perimeter containing both projects and Cloud Storage as a restricted API. Add the Development Team users to the perimeter's Access Level.

57.6%

Google Professional Data Engineer

Get started today

Comments