Topic 1 Question 60
Your organization has highly sensitive data that gets updated once a day and is stored across multiple datasets in BigQuery. You need to provide a new data analyst access to query specific data in BigQuery while preventing access to sensitive data. What should you do?
Grant the data analyst the BigQuery Job User IAM role in the Google Cloud project.
Create a materialized view with the limited data in a new dataset. Grant the data analyst BigQuery Data Viewer IAM role in the dataset and the BigQuery Job User IAM role in the Google Cloud project.
Create a new Google Cloud project, and copy the limited data into a BigQuery table. Grant the data analyst the BigQuery Data Owner IAM role in the new Google Cloud project.
Grant the data analyst the BigQuery Data Viewer IAM role in the Google Cloud project.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: B
The best option is B. Materialized view in new dataset + Data Viewer & Job User roles. Option B is best because it uses a view to limit data access and dataset-level permissions for least privilege. Option A (Job User only) is incorrect because it grants no data access. Option C (New project & Data Owner) is incorrect because it's overly complex and too permissive (Data Owner role). Option D (Project Data Viewer) is incorrect because it grants access to all datasets, including sensitive ones. Therefore, Option B is the most secure and least privileged way to grant access to specific data.
👍 1n21837128472025/03/05
シャッフルモード