Answer-first summary for fast verification
Answer: roles/bigquery.dataViewer and roles/bigquery.jobUser
The correct answer is **A** because the user only needs to query the data, which requires the ability to view the dataset and run queries. This is provided by `roles/bigquery.dataViewer` and `roles/bigquery.jobUser`, aligning with the principle of least privilege. - **Option B** is incorrect as `roles/bigquery.dataEditor` grants more privileges than necessary. - **Option C** is incorrect because `roles/bigquery.user` includes permissions beyond what's needed for querying. - **Option D** is incorrect as `roles/bigquery.dataOwner` provides excessive privileges for the task at hand. Refer to the GCP documentation on BigQuery Access Control for more details.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You've been tasked with granting a new IAM member the necessary permissions to run queries on BigQuery, adhering to the principle of least privilege. Which role combination should you assign?
A
roles/bigquery.dataViewer and roles/bigquery.jobUser
B
roles/bigquery.dataEditor and roles/bigquery.jobUser
C
roles/bigquery.dataViewer and roles/bigquery.user
D
roles/bigquery.dataOwner and roles/bigquery.jobUser