Answer-first summary for fast verification
Answer: Utilize the predefined IAM roles for each required access level in Cloud Storage and BigQuery, assigning users to these roles accordingly.
The correct answer is **B** because Google's best practice advocates for the use of predefined IAM roles over custom or primitive roles for finer-grained access control per service. Predefined roles are designed to provide the exact permissions needed without granting excessive access. Custom roles (Option D) should only be considered if predefined roles do not meet your specific requirements. Options A and C suggest using primitive roles (Owner, Editor, Viewer), which are not recommended for scenarios requiring granular access control as they offer broader permissions than typically necessary. For detailed guidance, refer to the GCP documentation on IAM roles and best practices.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have data stored in both Cloud Storage and BigQuery datasets within Google Cloud Platform. Your goal is to secure this data by implementing three distinct access levels: administrator, read/write, and read-only, adhering to Google's recommended practices. What is the best approach to achieve this?
A
At the Project level, assign your administrator user accounts to the Owner role, read/write user accounts to the Editor role, and read-only user accounts to the Viewer role.
B
Utilize the predefined IAM roles for each required access level in Cloud Storage and BigQuery, assigning users to these roles accordingly.
C
At the Organization level, allocate administrator user accounts to the Owner role, read/write user accounts to the Editor role, and read-only user accounts to the Viewer role.
D
Develop three custom IAM roles with tailored policies for the necessary access levels in Cloud Storage and BigQuery, then assign users to these roles.
No comments yet.