Topic 1 Question 217
You have a BigQuery table that contains customer data, including sensitive information such as names and addresses. You need to share the customer data with your data analytics and consumer support teams securely. The data analytics team needs to access the data of all the customers, but must not be able to access the sensitive data. The consumer support team needs access to all data columns, but must not be able to access customers that no longer have active contracts. You enforced these requirements by using an authorized dataset and policy tags. After implementing these steps, the data analytics team reports that they still have access to the sensitive columns. You need to ensure that the data analytics team does not have access to restricted data. What should you do?
Create two separate authorized datasets; one for the data analytics team and another for the consumer support team.
Ensure that the data analytics team members do not have the Data Catalog Fine-Grained Reader role for the policy tags.
Replace the authorized dataset with an authorized view. Use row-level security and apply filter_expression to limit data access.
Remove the bigquery.dataViewer role from the data analytics team on the authorized datasets.
Enforce access control in the policy tag taxonomy.
ユーザの投票
コメント(5)
Option B & E
👍 4qq589539483084gfrgrgfr2024/01/07- 正解だと思う選択肢: B
Prevents data analytics team members from viewing sensitive data, even if it's tagged. Restricts access to policy tags themselves, ensuring confidentiality of sensitive information.
👍 1e70ea9e2023/12/30 - 正解だと思う選択肢: B
- The Data Catalog Fine-Grained Reader role allows users to read metadata that is restricted by policy tags.
- If members of the data analytics team have this role, they might bypass the restrictions set by policy tags.
- Ensuring they do not have this role will help enforce the restrictions intended by the policy tags.
👍 1raaad2024/01/03
シャッフルモード