Explanation:
Option B is correct because Google Cloud Platform (GCP) recommends grouping users who require the same permissions and assigning IAM permissions to the group rather than to individual users. This approach uses the spanner.databaseUser role, which is appropriate for granting both view and edit access to databases within a Cloud Spanner instance. By adding users to a group and then assigning the group to the role, you ensure that any future users added to the group will automatically inherit the necessary permissions. Options A and D are incorrect because they involve assigning permissions directly to users, which is not the recommended practice. Options C and D are also incorrect because they use the spanner.viewer role, which only grants view access and does not meet the requirement for edit access. For more information, refer to the Cloud Spanner IAM documentation.
Ultimate access to all questions.
Your company’s image tagging application is hosted on Google Cloud Platform (GCP). A new team within your organization has requested both view and edit access to an existing Cloud Spanner instance. What is the recommended best practice to grant such access?
A
gcloud iam roles describe roles/spanner.viewer --project my-project 2. Assign the users directly to the role.B
gcloud iam roles describe roles/spanner.databaseUser 2. Create a new group for the users 3. Assign the group to the role.C
gcloud iam roles describe roles/spanner.viewer --project my-project 2. Create a new group for the users 3. Assign the group to the role.D
gcloud iam roles describe roles/spanner.databaseUser 2. Assign the users directly to the role.No comments yet.