PROFESSIONAL-CLOUD-DEVELOPER · Question #140
PROFESSIONAL-CLOUD-DEVELOPER Question #140: Real Exam Question with Answer & Explanation
The correct answer is A: Bind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.. By binding the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level, you can ensure that each user can only publish and subscribe to their specific Pub/Sub topic and subscription. This allows for granular permissions management and ensures that
Question
Your team is developing an application in Google Cloud that executes with user identities maintained by Cloud Identity. Each of your application's users will have an associated Pub/Sub topic to which messages are published, and a Pub/Sub subscription where the same user will retrieve published messages. You need to ensure that only authorized users can publish and subscribe to their own specific Pub/Sub topic and subscription. What should you do?
Options
- ABind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.
- BGrant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.
- CGrant the user identity a custom role that contains the pubsub.topics.create and
- DConfigure the application to run as a service account that has the pubsub.publisher and
Explanation
By binding the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level, you can ensure that each user can only publish and subscribe to their specific Pub/Sub topic and subscription. This allows for granular permissions management and ensures that each user can only access the resources they are authorized to.
Topics
Community Discussion
No community discussion yet for this question.