Topic 1 Question 102
Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?
A. Add users to roles/bigquery.user role only, instead of roles/bigquery.dataOwner.
B. Add users to roles/bigquery.dataEditor role only, instead of roles/bigquery.dataOwner.
C. Create a custom role by removing delete permissions, and add users to that role only.
D. Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
Comments (17)
I believe the key part is the "following Google Best Practices" phrase.
A - Works, but doesn't follow GCP best practices
B - Doesn't work as the role grants permission to delete datasets
C - Works, but is more complicated than A and doesn't follow Google best practices
D - Correct, more complicated than A, but it follows Google Best Practices.
👍 65 someoneinthecloud 2020/07/18
Correct Answer is (D):
The proper answer regarding BigQuery roles is the listed in the options; the proper role that resolves this requirement is: roles/bigquery.dataViewer https://cloud.google.com/bigquery/docs/access-control#custom_roles
On the other hand, the question is explicitly asking to use the GCP best practices on IAM. GCP Best Practices explain these rules clearly:
Policy management
❑ Set organization-level IAM policies to grant access to all projects in your organization.
❑ Grant roles to a Google group instead of individual users when possible. It is easier to add members to and remove members from a Google group instead of updating an IAM policy to add or remove users.
❑ If you need to grant multiple roles to allow a particular task, create a Google group, grant the roles to that group, and then add users to that group.
https://cloud.google.com/iam/docs/using-iam-securely#policy_management
👍 52 ESP_SAP 2020/08/19
- Selected answer: A
Since roles/bigquery.user role doesn't have delete permission, as per the GCP best practice, if we do not have pre-defined roles to perform an action, then go for custom role.
👍 2 ES150 2022/11/24
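Added example, not part of the original thread: a small lint over an IAM policy that checks the two points the comments discuss, namely that a bound custom role does not include `bigquery.datasets.delete` and that roles are granted to groups rather than to individual users. The project, role, group and user names are constructed, and only custom roles supplied in `CUSTOM_ROLES` are inspected (predefined roles are not expanded).

```python
# Added example: lint an IAM policy against the two points discussed above.
# All project, group, user and role names below are constructed.

DELETE_PERMISSION = "bigquery.datasets.delete"

# Custom role definitions keyed by role name, in the shape of the IAM
# custom-role resource (only the field used here is shown).
CUSTOM_ROLES = {
    "projects/example-project/roles/bqQueryNoDelete": {
        "includedPermissions": [
            "bigquery.datasets.get",
            "bigquery.jobs.create",
            "bigquery.tables.get",
            "bigquery.tables.getData",
            "bigquery.tables.list",
        ]
    },
    "projects/example-project/roles/bqLegacyAnalyst": {
        "includedPermissions": [
            "bigquery.datasets.get",
            "bigquery.datasets.delete",
            "bigquery.jobs.create",
            "bigquery.tables.getData",
        ]
    },
}

# Constructed policy: one clean group binding, one binding with both problems.
POLICY = {
    "bindings": [
        {"role": "projects/example-project/roles/bqQueryNoDelete",
         "members": ["group:bq-analysts@example.com"]},
        {"role": "projects/example-project/roles/bqLegacyAnalyst",
         "members": ["group:bq-legacy@example.com", "user:alice@example.com"]},
    ]
}

def lint_policy(policy, custom_roles):
    """Return sorted (role, finding) tuples for bindings that break either rule."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        perms = custom_roles.get(role, {}).get("includedPermissions", [])
        if DELETE_PERMISSION in perms:
            findings.append((role, "role can delete datasets"))
        for member in binding.get("members", []):
            if member.startswith("user:"):
                findings.append((role, f"direct user grant: {member}"))
    return sorted(findings)

if __name__ == "__main__":
    for role, finding in lint_policy(POLICY, CUSTOM_ROLES):
        print(f"{role}: {finding}")
```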