You've been tasked with granting a new IAM member the necessary permissions to run queries on BigQuery, adhering to the principle of least privilege. Which role combination should you assign?