Topic 1 Question 57
Your company is using BigQuery as its enterprise data warehouse. Data is distributed over several Google Cloud projects. All queries on BigQuery need to be billed on a single project. You want to make sure that no query costs are incurred on the projects that contain the data. Users should be able to query the datasets, but not edit them. How should you configure users' access roles?
A. Add all users to a group. Grant the group the role of BigQuery user on the billing project and BigQuery dataViewer on the projects that contain the data.
B. Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data.
C. Add all users to a group. Grant the group the roles of BigQuery jobUser on the billing project and BigQuery dataViewer on the projects that contain the data.
D. Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery jobUser on the projects that contain the data.
Comments (14)
- Option believed correct: C
C is the correct answer. A is wrong because bq User permission will allow you to edit the dataset, which is something that we don't want in this scenario. B and D are wrong because "You want to make sure that no query costs are incurred on the projects that contain the data", so you don't want users to fire queries on the project that contains the dataset, hence the "dataViewer" permission.
👍 15 kimharsh 2022/02/05
- Option believed correct: C
Both A & C are correct, but using the principle of least privilege C is the most appropriate.
BigQuery User: (roles/bigquery.user) When applied to a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset. When applied to a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner) on these new datasets. Lowest-level resources where you can grant this role: Dataset
BigQuery Job User: (roles/bigquery.jobUser) Provides permissions to run jobs, including queries, within the project. Lowest-level resources where you can grant this role: Project
Source: https://cloud.google.com/bigquery/docs/access-control
👍 13 RitwickKumar 2022/08/18
- Option believed correct: C
Important statements from the prompt
1. All queries need to be billed to a single project - one project that queries data stored on other projects. Let's call this our billing project.
   a. jobUser is the best role to satisfy this need, because it provides permission to run jobs and queries within a project.
2. Other projects are where the data resides. These projects don't need much access besides the ability to be viewed (not edited).
   a. The dataViewer role provides permission to read all datasets in the project.
👍 6 jay9114 2022/12/24
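
Added example, not part of the thread: a Python check that a group's project-level bindings follow the layout of option C, reading IAM policies in the JSON shape returned by `gcloud projects get-iam-policy --format=json`. The group address, project IDs and sample policies are constructed placeholders, the two role sets are assumed and non-exhaustive, and dataset-level or inherited folder/organization grants are not examined.

```python
# Predefined roles that include bigquery.jobs.create, so queries can run and
# be billed in the project (non-exhaustive list, assumed for this example).
RUNS_JOBS = {"roles/bigquery.jobUser", "roles/bigquery.user",
             "roles/bigquery.admin", "roles/editor", "roles/owner"}
# Predefined roles that allow modifying datasets or tables (non-exhaustive).
WRITES_DATA = {"roles/bigquery.dataEditor", "roles/bigquery.dataOwner",
               "roles/bigquery.admin", "roles/editor", "roles/owner"}

def roles_for(policy, member):
    """Roles bound to `member` in one project-level IAM policy document."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(member, billing_project, policies):
    """Return (project, finding) tuples where the layout deviates from option C."""
    findings = []
    for project, policy in sorted(policies.items()):
        roles = roles_for(policy, member)
        if project == billing_project:
            if "roles/bigquery.jobUser" not in roles:
                findings.append((project, "missing roles/bigquery.jobUser"))
            continue
        if "roles/bigquery.dataViewer" not in roles:
            findings.append((project, "missing roles/bigquery.dataViewer"))
        for role in sorted(roles & RUNS_JOBS):
            findings.append((project, role + " allows queries billed here"))
        for role in sorted(roles & WRITES_DATA):
            findings.append((project, role + " allows editing data"))
    return findings

# Constructed sample: placeholder group and project IDs, not from the page.
GROUP = "group:bq-analysts@example.com"
def binding(role):
    return {"role": role, "members": [GROUP, "user:admin@example.com"]}

SAMPLE = {
    "billing-proj": {"bindings": [binding("roles/bigquery.jobUser")]},
    "data-proj-a": {"bindings": [binding("roles/bigquery.dataViewer")]},
    # Misconfigured: BigQuery User granted on a data project, as in option B.
    "data-proj-b": {"bindings": [binding("roles/bigquery.dataViewer"),
                                 binding("roles/bigquery.user")]},
}

if __name__ == "__main__":
    for project, finding in audit(GROUP, "billing-proj", SAMPLE):
        print(project + ": " + finding)
```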