
Explanation:
The correct answer is A because the user only needs to query the data, which requires the ability to view the dataset and run queries. This is provided by roles/bigquery.dataViewer and roles/bigquery.jobUser, aligning with the principle of least privilege.
roles/bigquery.dataEditor grants more privileges than necessary.roles/bigquery.user includes permissions beyond what's needed for querying.roles/bigquery.dataOwner provides excessive privileges for the task at hand.Refer to the GCP documentation on BigQuery Access Control for more details.
Ultimate access to all questions.
You've been tasked with granting a new IAM member the necessary permissions to run queries on BigQuery, adhering to the principle of least privilege. Which role combination should you assign?
A
roles/bigquery.dataViewer and roles/bigquery.jobUser
B
roles/bigquery.dataEditor and roles/bigquery.jobUser
C
roles/bigquery.dataViewer and roles/bigquery.user
D
roles/bigquery.dataOwner and roles/bigquery.jobUser
No comments yet.