Answer-first summary for fast verification
Answer: roles/spanner.databaseAdmin for Person A roles/spanner.databaseReader for Person B roles/spanner.backupWriter for Application C
The question emphasizes the importance of Separation of Concerns (SoC) and the Principle of Least Privilege (PoLP). For Person A, who is a database administrator, the appropriate role is 'roles/spanner.databaseAdmin' as it grants full control over databases. Person B, an analyst generating metric reports, only needs read access, hence 'roles/spanner.databaseReader' is suitable. Application C, responsible for automatic backups, requires the ability to create and manage backups but not necessarily full database administration rights, making 'roles/spanner.backupWriter' the correct choice. Option A correctly assigns these roles, adhering to SoC and PoLP by providing each entity only the permissions necessary for their role.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a highly regulated industry where separation of concerns (SoC) and the principle of least privilege (PoLP) are essential, how should you assign Cloud Spanner roles to the following team members:
A
roles/spanner.databaseAdmin for Person A roles/spanner.databaseReader for Person B roles/spanner.backupWriter for Application C
B
roles/spanner.databaseAdmin for Person A roles/spanner.databaseReader for Person B roles/spanner.backupAdmin for Application C
C
roles/spanner.databaseAdmin for Person A roles/spanner.databaseUser for Person B roles/spanner databaseReader for Application C
D
roles/spanner.databaseAdmin for Person A roles/spanner.databaseUser for Person B roles/spanner.backupWriter for Application C
No comments yet.