Answer-first summary for fast verification
Answer: 1. Execute `gcloud iam roles describe roles/spanner.databaseUser` 2. Create a new group for the users 3. Assign the group to the role.
Option B is correct because Google Cloud Platform (GCP) recommends grouping users who require the same permissions and assigning IAM permissions to the group rather than to individual users. This approach uses the `spanner.databaseUser` role, which is appropriate for granting both view and edit access to databases within a Cloud Spanner instance. By adding users to a group and then assigning the group to the role, you ensure that any future users added to the group will automatically inherit the necessary permissions. Options A and D are incorrect because they involve assigning permissions directly to users, which is not the recommended practice. Options C and D are also incorrect because they use the `spanner.viewer` role, which only grants view access and does not meet the requirement for edit access. For more information, refer to the [Cloud Spanner IAM documentation](https://cloud.google.com/spanner/docs/iam).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company’s image tagging application is hosted on Google Cloud Platform (GCP). A new team within your organization has requested both view and edit access to an existing Cloud Spanner instance. What is the recommended best practice to grant such access?
A
gcloud iam roles describe roles/spanner.viewer --project my-project 2. Assign the users directly to the role.B
gcloud iam roles describe roles/spanner.databaseUser 2. Create a new group for the users 3. Assign the group to the role.C
gcloud iam roles describe roles/spanner.viewer --project my-project 2. Create a new group for the users 3. Assign the group to the role.D
gcloud iam roles describe roles/spanner.databaseUser 2. Assign the users directly to the role.No comments yet.