Answer-first summary for fast verification
Answer: Utilize BigQuery's row-level access policies to mask PII columns based on the other team's user identities.
Option A is the optimal choice because it leverages BigQuery's native row-level access policies and column masking capabilities to protect PII without duplicating or transforming the 1PB dataset. This approach provides fine-grained access control directly within BigQuery, allowing the other team to analyze non-sensitive data while masking PII columns based on their user identities. It avoids the significant overhead of copying or transforming 1PB of data, which makes options C and D impractical due to cost and time constraints. Option B is unsuitable as it exports data to Cloud Storage, which doesn't address PII protection within BigQuery and introduces unnecessary data movement. The community discussion strongly favors A (64% support) over C (36%), with key insights highlighting that A maintains data utility for the original team while securely sharing with others, whereas C would either compromise the original dataset or require costly duplication of the 1PB dataset.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your team manages a 1PB BigQuery dataset containing sensitive personally identifiable information (PII). You need to grant another team in your organization access to this dataset for analysis, but you must protect the PII. What should you do?
A
Utilize BigQuery's row-level access policies to mask PII columns based on the other team's user identities.
B
Export the BigQuery dataset to Cloud Storage. Create a VPC Service Control perimeter and allow only their team's project access to the bucket.
C
Implement data pseudonymization techniques to replace the PII fields with non-identifiable values. Grant the other team access to the pseudonymized dataset.
D
Create a filtered copy of the dataset and replace the sensitive data with hash values in a separate project. Grant the other team access to this new project.