Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
You've been tasked with adding a new IAM member and granting them the necessary permissions to run queries on BigQuery. Adhering to Google's recommended best practices and the principle of least privilege, how would you assign the access?
You've been tasked with adding a new IAM member and granting them the necessary permissions to run queries on BigQuery. Adhering to Google's recommended best practices and the principle of least privilege, how would you assign the access?
Explanation:
The correct approach is to assign the necessary roles (roles/bigquery.dataViewer and roles/bigquery.jobUser) to a group and then add users to this group. This method aligns with Google's best practices by utilizing predefined roles and managing access through groups, which simplifies permission management for multiple users with similar responsibilities. Creating custom roles (options B and D) is unnecessary when predefined roles meet the requirements. Directly assigning roles to individual users (option A) is less efficient and harder to manage than using groups.