Answer-first summary for fast verification
Answer: Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles to a group; then add users to this group
The correct approach is to assign the necessary roles (roles/bigquery.dataViewer and roles/bigquery.jobUser) to a group and then add users to this group. This method aligns with Google's best practices by utilizing predefined roles and managing access through groups, which simplifies permission management for multiple users with similar responsibilities. Creating custom roles (options B and D) is unnecessary when predefined roles meet the requirements. Directly assigning roles to individual users (option A) is less efficient and harder to manage than using groups.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You've been tasked with adding a new IAM member and granting them the necessary permissions to run queries on BigQuery. Adhering to Google's recommended best practices and the principle of least privilege, how would you assign the access?
A
Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles directly to the users
B
Create a custom role combining roles/bigquery.dataViewer and roles/bigquery.jobUser; assign this custom role to the users
C
Assign roles/bigquery.dataViewer and roles/bigquery.jobUser roles to a group; then add users to this group
D
Create a custom role combining roles/bigquery.dataViewer and roles/bigquery.jobUser; assign this custom role to a group; then add users to this group
No comments yet.