Answer-first summary for fast verification
Answer: roles/dataproc.editor
The `roles/dataproc.editor` role is the most suitable choice as it provides a balanced set of permissions. It allows users to stop clusters, create clusters (often necessary for their own data processing needs), manage jobs (including submitting, monitoring, and managing job executions), and manage workflows (allowing users to instantiate and manage workflow templates). - `roles/dataproc.admin`: Grants extensive permissions, which might be excessive for regular users. - `roles/dataproc.viewer`: Provides read-only access, insufficient for the required actions. - Custom Role: While offering fine-grained control, it might introduce unnecessary complexity for this scenario. The `roles/dataproc.editor` role already provides a suitable set of permissions for most user needs. By using the `roles/dataproc.editor` role, you ensure that users have the necessary permissions to perform their tasks while minimizing the risk of unintended actions due to excessive privileges.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To adhere to Google Cloud's best practices for security, which role should be assigned to a user who needs to stop a Cloud Dataproc cluster, instantiate workflow templates, and perform other common user tasks?
A
Create a custom role with only permissions to stop the cluster and imitate workflows.
B
roles/dataproc.viewer
C
roles/dataproc.editor
D
roles/dataproc.admin
No comments yet.