Answer-first summary for fast verification
Answer: Assign a BigQuery Data Viewer role along with an IAM condition that limits the access to specified working hours.
Option A is the correct answer because it uses IAM conditions with time-based restrictions, which is the Google Cloud recommended approach for implementing temporary access controls. IAM conditions allow fine-grained access control based on attributes like time and date, providing a native, secure, and automated solution without manual intervention. The community discussion strongly supports A (83% consensus) with references to official Google documentation on IAM conditions for expirable access. Option B is inefficient as it requires manual scripting and role management. Option C is overly complex, involving daily service account operations. Option D is incorrect because organizational policy constraints are not designed for time-based user access control at this granular level; they govern broader organizational settings, not individual user permissions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You need to restrict user access to a BigQuery table so it is only permitted during standard working hours. What is the correct approach to implement this?
A
Assign a BigQuery Data Viewer role along with an IAM condition that limits the access to specified working hours.
B
Run a gsutil script that assigns a BigQuery Data Viewer role, and remove it only during the specified working hours.
C
Assign a BigQuery Data Viewer role to a service account that adds and removes the users daily during the specified working hours.
D
Configure Cloud Scheduler so that it triggers a Cloud Functions instance that modifies the organizational policy constraint for BigQuery during the specified working hours.