
Answer-first summary for fast verification
Answer: Establish two separate groups: one for data analysts and another for data engineers. Assign data analysts to the data analyst group and data engineers to the data engineer group. Then, grant each group only the roles they need to perform their specific job functions.
The best practice is to assign roles to groups rather than to individual identities, adhering to the Principle of Least Privilege by ensuring each group has only the roles necessary for their job functions. The correct approach involves creating two distinct groups: one for data analysts with roles tailored to their needs, and another for data engineers with roles suited to their responsibilities. This method promotes security and efficiency. For more details, refer to Google Cloud's documentation on IAM best practices and understanding custom roles: [https://cloud.google.com/iam/docs/recommender-best-practices](https://cloud.google.com/iam/docs/recommender-best-practices) and [https://cloud.google.com/iam/docs/understanding-custom-roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
Author: LeetQuiz Editorial Team
Your company has recently established a new data analytics team. The team includes data analysts who need to read from and write to Cloud Storage, as well as query data from BigQuery. Additionally, data engineers within the team are required to create Cloud Storage buckets and set data lifecycle management policies. Adhering to Google Cloud's recommended best practices, how should you manage access permissions for this team?
A. Assign roles individually to each user, giving data engineers the same roles as data analysts plus any additional roles necessary for their extra duties.
B. Form a single group for the entire data analytics team, granting this group all the roles required by both data analysts and data engineers, and include all team members in this group.
C. Establish two separate groups: one for data analysts and another for data engineers. Assign data analysts to the data analyst group and data engineers to the data engineer group. Then, grant each group only the roles they need to perform their specific job functions.
D. Provide roles to each user on an individual basis, assigning to data engineers and data analysts all roles that either role might need.