Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
You need to grant users access to Cloud Spanner databases. Which role is appropriate?
Simulated
Community
RRodrigo
A
roles/spanner.databaseUser
B
roles/viewer
C
roles/owner
D
roles/editor
Explanation:
Explanation
Correct Answer: A) roles/spanner.databaseUser
Why this is correct:
- Specificity: The
roles/spanner.databaseUserrole is specifically designed for granting access to Cloud Spanner databases. It provides the necessary permissions to read and write data in Spanner databases. - Principle of Least Privilege: This role follows the security best practice of granting only the permissions needed for the specific task (accessing databases), rather than broader permissions.
- Google Cloud IAM Best Practices: For database access, Google recommends using database-specific roles rather than general IAM roles.
Why other options are incorrect:
B) roles/viewer - This is a general IAM role that provides read-only access to view resources but doesn't grant database-specific permissions needed to read/write data in Cloud Spanner.
C) roles/owner - This role provides full administrative control over all resources in a project, which is excessive and violates the principle of least privilege for database access.
D) roles/editor - This role allows modifying resources but doesn't provide the specific database permissions needed for Cloud Spanner operations.
Key Takeaway: When granting access to specific Google Cloud services like Cloud Spanner, always use service-specific roles (prefixed with the service name) rather than general IAM roles for better security and appropriate permission scoping.
Comments
Loading comments...