Topic 1 Question 30
Your company has a BigQuery dataset named "Master" that keeps information about employee travel and expenses. This information is organized by employee department. That means employees should only be able to view information for their department. You want to apply a security framework to enforce this requirement with the minimum number of steps. What should you do?
Create a separate dataset for each department. Create a view with an appropriate WHERE clause to select records from a particular dataset for the specific department. Authorize this view to access records from your Master dataset. Give employees the permission to this department-specific dataset.
Create a separate dataset for each department. Create a data pipeline for each department to copy appropriate information from the Master dataset to the specific dataset for the department. Give employees the permission to this department-specific dataset.
Create a dataset named Master dataset. Create a separate view for each department in the Master dataset. Give employees access to the specific view for their department.
Create a dataset named Master dataset. Create a separate table for each department in the Master dataset. Give employees access to the specific table for their department.
ユーザの投票
コメント(16)
For me option c is correct. create view is easy on one dataset with appropriate where clause. And give permission to department. Create different dataset(option A) for department is create more steps where question denying it.
👍 14cloud_mk2021/03/08I think that answer A) is better than B) Authorized views being in the department-specific dataset will be able to read data from the master dataset(https://cloud.google.com/bigquery/docs/share-access-views). And Cloud IAM can set access on dataset level (https://cloud.google.com/bigquery/docs/dataset-access-controls)
👍 9emmet2020/05/29Option-C: This is good usecase for using View functionality of BigQuery. Creating separate DataSet will technically work. But we need to change the code from ingestion system to write into different dataset which is unnecessary.
👍 8StelSen2021/02/17
シャッフルモード