Answer-first summary for fast verification
Answer: Assign `roles/bigquery.dataViewer` and `roles/bigquery.jobUser` roles to a group, then add users to this group
The correct answer is **C** because it aligns with Google's best practices by using predefined roles and managing access through groups, which simplifies permission management and adheres to the principle of least privilege. Assigning roles to groups rather than individual users is recommended for scalability and security. Options A and B are less ideal because they involve assigning permissions directly to users or creating unnecessary custom roles. Option D, while similar to C, involves creating a custom role which is not required since predefined roles suffice for this scenario.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You’ve been tasked with granting a new IAM member the necessary permissions to run queries on BigQuery, adhering to Google's recommended best practices and the principle of least privilege. What is the most appropriate method to assign this access?
A
Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles directly to the users
B
Create a custom role combining roles/bigquery.dataViewer and roles/bigquery.jobUser roles, then assign this custom role to the users
C
Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles to a group, then add users to this group
D
Create a custom role combining roles/bigquery.dataViewer and roles/bigquery.jobUser roles, assign this custom role to a group, then add users to this group
No comments yet.