Help with the following question

 

Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?

  • A. Add users to roles/bigquery.user role only, instead of roles/bigquery.dataOwner.
  • B. Add users to roles/bigquery.dataEditor role only, instead of roles/bigquery.dataOwner.
  • C. Create a custom role by removing delete permissions, and add users to that role only.
  • D. Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

kc3

I believe the answer to this question is D. 

Personally, I find the IAM roles sometimes not very intuitive. In this case, "User" is not the right role. See

https://cloud.google.com/bigquery/docs/running-queries

It is best practice to not assign users to roles directly, but to assign groups to roles, and users to those groups. 
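
As an added example (not part of the original post or reply), the following check audits an IAM policy for the two conditions the question is about: bindings whose role carries a BigQuery delete permission, and bindings that name a user directly instead of a group. The policy, the custom role name `bqQueryNoDelete`, the project ID and the role-to-permission map are constructed sample data, not an export from a real project.

```python
import json

# Constructed sample: role -> permissions it carries. The custom role name and
# both permission lists are assumptions for illustration, not exported data.
ROLE_PERMISSIONS = {
    "roles/bigquery.dataOwner": {
        "bigquery.datasets.get", "bigquery.datasets.delete", "bigquery.tables.getData"},
    "projects/example-project/roles/bqQueryNoDelete": {
        "bigquery.datasets.get", "bigquery.tables.getData", "bigquery.jobs.create"},
}

# Constructed IAM policy in the JSON shape `gcloud projects get-iam-policy` returns.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/bigquery.dataOwner", "members": ["user:alice@example.com"]},
  {"role": "projects/example-project/roles/bqQueryNoDelete",
   "members": ["group:bq-analysts@example.com", "user:bob@example.com"]}
]}
""")


def audit(policy, role_permissions):
    """Return (finding, role, member) tuples for risky bindings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        perms = role_permissions.get(role)
        if perms is None:
            # Cannot reason about a role whose permissions we do not know.
            findings.append(("unknown-role", role, None))
            continue
        can_delete = any(
            p.startswith("bigquery.") and p.endswith(".delete") for p in perms)
        for member in binding.get("members", []):
            if can_delete:
                findings.append(("can-delete", role, member))
            if member.startswith("user:"):
                # Access granted to an individual rather than through a group.
                findings.append(("direct-user", role, member))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY, ROLE_PERMISSIONS):
        print(finding)
```
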
