Answer-first summary for fast verification
Answer: roles/cloudsql.instanceUser and roles/spanner.databaseUser
To enable the analytics team to read data from Cloud SQL for SQL Server and update a table in Cloud Spanner with least privilege access, the service account needs specific roles. The roles/cloudsql.instanceUser is necessary for accessing the Cloud SQL instance, and roles/spanner.databaseUser is required for updating a table in Cloud Spanner. Option A provides insufficient access (only viewing Cloud SQL and basic Spanner user access). Option B grants excessive privileges (editor and admin roles). Option C is incorrect because roles/cloudsql.client does not exist, and roles/spanner.databaseReader only allows reading, not updating. Therefore, the correct roles are roles/cloudsql.instanceUser and roles/spanner.databaseUser, which are provided in option D.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Which predefined roles should be assigned to a service account to provide least privilege access for reading data from Cloud SQL for SQL Server and updating a table in Cloud Spanner?
A
roles/cloudsql.viewer and roles/spanner.databaseUser
B
roles/cloudsql.editor and roles/spanner.admin
C
roles/cloudsql.client and roles/spanner.databaseReader
D
roles/cloudsql.instanceUser and roles/spanner.databaseUser
No comments yet.