
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
Support engineers need monitoring access to Cloud Spanner but no data access. What role should you grant?
A
roles/spanner.databaseUser
B
roles/spanner.viewer
C
roles/owner
D
roles/viewer
Explanation:
Correct Answer: B) roles/spanner.viewer
Let's analyze each option:
A) roles/spanner.databaseUser - This role provides read/write access to Cloud Spanner databases, which includes data access. This is too permissive for support engineers who only need monitoring access.
B) roles/spanner.viewer - This role provides read-only access to Cloud Spanner resources, allowing users to view configuration, metadata, and monitoring information without accessing the actual data. This is the appropriate role for support engineers who need monitoring access but no data access.
C) roles/owner - This is the Owner role at the project level, which provides full control over all resources in the project, including data access. This is far too permissive.
D) roles/viewer - This is the basic Viewer role at the project level, which provides read-only access to all resources in the project. While this includes monitoring access, it also potentially allows viewing of other resources beyond Cloud Spanner, which may not be necessary.
Key Points:
roles/spanner.viewer is specifically designed for Cloud Spanner monitoring scenariosFor support engineers who need to monitor Cloud Spanner performance, view metrics, and troubleshoot issues without accessing sensitive data, roles/spanner.viewer is the most appropriate choice.