Exam Professional Data Engineer topic 1 question 12 discussion

My vota also goes for B,D,F

Some voted for 'E' i.e. E. Only allow a service account to access the datasets. Not sure why ? if we gave access ONLY to service account - Does not it mean - we need to access BigQuery using Some Code (by mentioning Service account credentials there) OR using some other resource like VM) In this case - i think person can't even access the Big Query Service via UI (if we give access only to Service account). Correct me if there is option on UI as well

B,D,F is the correct answer as per Google best practices

A is wrong because partitions do not provide access boundaries between the clients. All partitions within a table are accessible to anyone with access to the table. C is wrong because tables within the same dataset share the same access controls. E is wrong because service accounts are typically used for automated or backend processes, not client-specific access.

B, D, F! C - is technically wrong . tables are being logically stored in a single dataset. A - Partitioning data is for improving performance. once you SQL (select) the table, you can not control the data being selected for the developer.

B. Load data into a different dataset for each client. D. Restrict a client's dataset to approved users. F. Use the appropriate identity and access management (IAM) roles for each client's users. By loading each client's data into a separate dataset, you ensure that each client's data is isolated from the data of other clients. Restricting access to each client's dataset to only approved users, as specified in D, further enhances data security by ensuring that only authorized users can access the data. By using appropriate IAM roles for each client's users, as specified in F, you can grant different levels of access to different clients and their users, ensuring that each client has only the level of access required for their specific needs.

B. Load data into a different dataset for each client. D. Restrict a client's dataset to approved users. F. Use the appropriate identity and access management (IAM) roles for each client's users.

B. Load data into a different dataset for each client: Organize the data into separate datasets for each client. This ensures data isolation and simplifies access control. D. Restrict a client's dataset to approved users: Implement access controls by specifying which users or groups are allowed to access each client's dataset. This restricts data access to approved users only. F. Use the appropriate identity and access management (IAM) roles for each client's users: Assign IAM roles based on client-specific requirements to manage permissions effectively. IAM roles help control access at a more granular level, allowing you to tailor access to specific users or groups within each client's dataset. These steps ensure that each client's data is separated, and access is controlled based on client-specific requirements. Options A, C, and E, while important in other contexts, are not sufficient on their own to ensure client data isolation and access control in a multi-client environment.

My Vote is BDF. I was thinking BEF but the question shows that the Big Query warehouse will be accessed by both direct users and other applications, as preferred by each customer.

agreed B,D,F

Agree with others

the answers are B, D, and F. To ensure that clients cannot see each other's data and have appropriate access, you would want to: Segregate the data by client. Restrict access to each client's data. Use proper identity and access management techniques.

B,D,F is the answer

BDF is right

B, D, F! C - is technically wrong . tables are being logically stored in a single dataset. A - Partitioning data is for improving performance. once you SQL (select) the table, you can not control the data being selected for the developer.

Please why is DEF not correct?

Agree BDF