PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #371
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #371: Real Exam Question with Answer & Explanation
The correct answer is B: Grant the BigQuery Data Viewer role at the Data Warehouse folder.. Granting the BigQuery Data Viewer role at the folder level provides the data analysis team read- only access to all BigQuery data across every project within the Data Warehouse folder, without needing to manage permissions individually per project or dataset. This approach enforc
Question
You are managing a set of Google Cloud projects that are contained in a folder named Data Warehouse. A new data analysis team has been approved to perform data analysis for all BigQuery data in the projects within the Data Warehouse folder. They should only be able to read the data and not have permissions to modify or delete the data. You want to reduce the operational overhead of provisioning access while adhering to the principle of least privilege. What should you do?
Options
- AGrant the BigQuery Data Viewer role at the project level for each project within the Data
- BGrant the BigQuery Data Viewer role at the Data Warehouse folder.
- CGrant the BigQuery Data Viewer role at the dataset level for each BigQuery dataset within each
- DGrant the BigQuery Metadata Viewer role at the Data Warehouse folder.
Explanation
Granting the BigQuery Data Viewer role at the folder level provides the data analysis team read- only access to all BigQuery data across every project within the Data Warehouse folder, without needing to manage permissions individually per project or dataset. This approach enforces the principle of least privilege and minimizes operational overhead.
Topics
Community Discussion
No community discussion yet for this question.