
Answer-first summary for fast verification
Answer: Utilize predefined IAM roles for each necessary access level for Cloud Storage and BigQuery, assigning users to these roles per service.
The correct approach is to use predefined IAM roles for each service, because they are designed to meet specific access needs without granting excessive permissions. This aligns with the principle of least privilege: users get only the access they need. Google also maintains predefined roles and updates them automatically, which reduces maintenance overhead. Assigning primitive roles (Owner, Editor, Viewer) at the organization or project level violates least privilege by granting overly broad permissions. Creating custom roles would achieve the desired access control, but it adds unnecessary complexity and maintenance when suitable predefined roles are already available.
Author: LeetQuiz Editorial Team
Your company handles customer PII data stored in Cloud Storage buckets, with a portion regularly imported into BigQuery for analytics. Ensuring strict access control is paramount. The analytics team requires read access to the bucket for data import, the operations team needs read/write access to both the bucket and BigQuery dataset for adding new customer PII, and Data Vigilance officers require Administrator access to both. Adhering to Google's recommended practices, what is the best course of action?
A. At the Organization level, assign the Owner role to Data Vigilance officers, the Editor role to the operations team, and the Viewer role to the analytics team.
B. At the Project level, assign the Owner role to Data Vigilance officers, the Editor role to the operations team, and the Viewer role to the analytics team.
C. Create 3 custom IAM roles tailored for the required access levels for Cloud Storage and BigQuery, then assign users accordingly.
D. Utilize predefined IAM roles for each necessary access level for Cloud Storage and BigQuery, assigning users to these roles per service.