
Answer-first summary for fast verification
Answer: Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer.
The question requires an IAM design adhering to the 'need to know' principle for three distinct roles.
Option C is optimal because it directly addresses the business user's need for curated reports by creating separate datasets with curated tables and granting the roles/bigquery.dataViewer role, ensuring least privilege access. This aligns with BigQuery best practices for data segregation and controlled access.
Option A is less suitable as granting the Project Viewer role to the security operator provides overly broad permissions beyond just reviewing user activity, violating the 'need to know' principle.
Option B focuses on row-level security but doesn't comprehensively address all roles, and Option D involves insecure data sharing via email, which is inappropriate for sensitive data.
The community discussion strongly supports C (71% consensus), with the top-voted comment emphasizing that C directly meets the business user's needs while maintaining security controls.
Author: LeetQuiz Editorial Team
Your organization uses BigQuery to manage highly sensitive, structured data and must adhere to the "need to know" principle. You need to design an Identity and Access Management (IAM) strategy to meet the requirements for the following roles:
What is the appropriate IAM configuration?
A. Configure data access log for BigQuery services, and grant Project Viewer role to security operator.
B. Set row-based access control based on the “region” column, and filter the record from the United States for data engineers.
C. Create curated tables in a separate dataset and assign the role roles/bigquery.dataViewer.
D. Generate a CSV data file based on the business user's needs, and send the data to their email addresses.