Topic 1 Question 52
Your company has a Google Cloud Platform project that uses BigQuery for data warehousing. Your data science team changes frequently and has few members. You need to allow members of this team to perform queries. You want to follow Google-recommended practices. What should you do?
- Create an IAM entry for each data scientist's user account. 2. Assign the BigQuery jobUser role to the group.
- Create an IAM entry for each data scientist's user account. 2. Assign the BigQuery dataViewer user role to the group.
- Create a dedicated Google group in Cloud Identity. 2. Add each data scientist's user account to the group. 3. Assign the BigQuery jobUser role to the group.
- Create a dedicated Google group in Cloud Identity. 2. Add each data scientist's user account to the group. 3. Assign the BigQuery dataViewer user role to the group.
ユーザの投票
コメント(17)
C is correct because dataViewer does not allow user to perform queries. jobUser can.
👍 90Gini2020/05/03C is correct, doc's said: When applied to a dataset, dataViewer provides permissions to:
Read the dataset's metadata and to list tables in the dataset. Read data and metadata from the dataset's tables. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.
👍 44zukko782020/05/06- 正解だと思う選択肢: C
The correct answer is ANSWER C.
Creating a dedicated Google group in Cloud Identity is a good practice because it simplifies user management. Rather than adding individual users to each resource's IAM policy, you can add the group to the resource's IAM policy. This way, you only need to manage the group membership rather than each user's permissions. Also, the BigQuery jobUser role provides the necessary permission to run queries and jobs, which is appropriate for data scientists who need to perform queries.
👍 6Buruguduystunstugudunstuy2023/02/19
シャッフルモード