Topic 1 Question 85

Professional Cloud Architect

Topic 1 Question 85
Your company captures all web traffic data in Google Analytics 360 and stores it in BigQuery. Each country has its own dataset. Each dataset has multiple tables. You want analysts from each country to be able to see and query only the data for their respective countries. How should you configure the access rights?
- Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate dataset with view access with each respective analyst country-group.
- Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate tables with view access with each respective analyst country-group.
- Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery dataViewer. Share the appropriate dataset with view access with each respective analyst country- group.
- Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery dataViewer. Share the appropriate table with view access with each respective analyst country-group.
ユーザの投票
コメント(17)
- It should be A. The question requires that user from each country can only view a specific data set, so BQ dataViewer cannot be assigned at project level. Only A could limit the user to query and view the data that they are supposed to be allowed to.
  
  👍 53
  Sebatian2019/11/30
- Should be C https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer
  
  When applied to a dataset, dataViewer provides permissions to:
  
  Read the dataset's metadata and to list tables in the dataset. Read data and metadata from the dataset's tables. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.
  
  👍 30
  wk2019/10/19
- 正解だと思う選択肢: A
  A is the correct answer The user should be able to query, only Job User can perform query operations, whereas a data viewer can only read the data.
  
  BigQuery Data Viewer is required to read data from the specified dataset. BigQuery Job User is needed to create query jobs from which the results can be read.
  
  👍 5
  examch2022/12/29
シャッフルモード

ユーザの投票

コメント(17)