Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam Professional Cloud Architect topic 1 question 85 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 85
Topic #: 1
[All Professional Cloud Architect Questions]

Your company captures all web traffic data in Google Analytics 360 and stores it in BigQuery. Each country has its own dataset. Each dataset has multiple tables.
You want analysts from each country to be able to see and query only the data for their respective countries.
How should you configure the access rights?

  • A. Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate dataset with view access with each respective analyst country-group.
  • B. Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate tables with view access with each respective analyst country-group.
  • C. Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery dataViewer. Share the appropriate dataset with view access with each respective analyst country- group.
  • D. Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery dataViewer. Share the appropriate table with view access with each respective analyst country-group.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Sebatian
Highly Voted 4 years, 3 months ago
It should be A. The question requires that user from each country can only view a specific data set, so BQ dataViewer cannot be assigned at project level. Only A could limit the user to query and view the data that they are supposed to be allowed to.
upvoted 59 times
jits1984
11 months, 2 weeks ago
Should be C. https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer Data viewer role can be applied to a Table and a View. JobUser can be applied only at a Project level not at a Dataset level https://cloud.google.com/bigquery/docs/access-control#bigquery.jobUser
upvoted 11 times
jits1984
6 months, 4 weeks ago
incorrect, should be A, BigQuery Job User (roles/bigquery.jobUser) Provides permissions to run jobs, including queries, within the project.
upvoted 3 times
RKS_2021
6 months ago
A is wrong
upvoted 1 times
...
...
...
...
wk
Highly Voted 4 years, 5 months ago
Should be C https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer When applied to a dataset, dataViewer provides permissions to: Read the dataset's metadata and to list tables in the dataset. Read data and metadata from the dataset's tables. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.
upvoted 32 times
Jack_in_Large
3 years, 10 months ago
Option C grant read permission to all datasets globally, which violated the request "You want analysts from each country to be able to see and query only the data for their respective countries" So the correct answer is A.
upvoted 29 times
BrunoTostes
2 years, 5 months ago
https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer "When applied to a dataset.." you can apply dataViewer role to a specific dataset.
upvoted 8 times
...
...
...
Diwz
Most Recent 1 week, 3 days ago
Selected Answer: C
It is C. Question says analyst should be able to see and query only the data for their respective countries. BigQueryDta viewer permission will allow only to read and query the table/view data
upvoted 1 times
...
OrangeTiger
1 month, 3 weeks ago
Selected Answer: A
Go with a.
upvoted 1 times
...
islamfouda
2 months, 1 week ago
Selected Answer: C
C is right, even if DataViwer is granted on Project level but Dataset is shared with view access to only the country group.
upvoted 1 times
...
JohnDohertyDoe
2 months, 2 weeks ago
Selected Answer: A
A is the correct answer. Tested the two scenarios, with `jobUser` permissions it does not allow the user to see a dataset. Whereas with `dataViewer` it has permissions for all the datasets. Note the difference is in the initial permission across the project and not per dataset.
upvoted 3 times
...
bandegg
2 months, 3 weeks ago
Selected Answer: A
It's A because in order to query, on needs the jobUser role. dataViewer doesn't grant the ability to actually query the datasets one has been given access to. https://cloud.google.com/bigquery/docs/running-queries#required_permissions
upvoted 1 times
...
e5019c6
2 months, 4 weeks ago
I'm siding with C on this one. jobUser role has the bigquery.jobs.create permission, which allow it to load data into BQ, which analyst shouldn't do. Data Viewer has no permissions to add or edit data (It can create a snapshot of the data, extract it or replicate it at most)
upvoted 1 times
...
whoosh007
3 months ago
Selected Answer: C
BigQuery Data Viewer (roles/bigquery.dataViewer) When applied to a table or view, this role provides permissions to: Read data and metadata from the table or view. This role cannot be applied to individual models or routines. When applied to a dataset, this role provides permissions to: Read the dataset's metadata and list tables in the dataset. Read data and metadata from the dataset's tables. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs. Lowest-level resources where you can grant this role: Table and view BigQuery Job User (roles/bigquery.jobUser) Provides permissions to run jobs, including queries, within the project. Lowest-level resources where you can grant this role: Project Analyst must query data --> BigQuery Data Viewer
upvoted 2 times
...
steghe
5 months, 2 weeks ago
Selected Answer: A
A: JobUser to execute queries in general. Data viewer for viewing the country dataset.
upvoted 1 times
...
TopTalk
5 months, 3 weeks ago
Selected Answer: C
Lowest-level resources where you can grant this role: dataViewer: Table, View jobUser: Project You don't want to grant access to the entire project, only the dataset which is divided per country. Definitely C. https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer
upvoted 1 times
don_v
2 months, 1 week ago
Correct answer is A. Note this: "Share the appropriate dataset with *view access* with each respective analyst country-group". "view access" is the key.
upvoted 1 times
...
...
AdityaGupta
5 months, 3 weeks ago
Selected Answer: A
A. Create a group per country. Add analysts to their respective country-groups. Create a single group 'all_analysts', and add all country-groups as members. Grant the 'all_analysts' group the IAM role of BigQuery jobUser. Share the appropriate dataset with view access with each respective analyst country-group. As all analysts need to execute query, they need JobUser role. They should be restricted to view all datasets (not tables) of respective country.
upvoted 1 times
...
RKS_2021
6 months ago
It is C for Sure, A give Project level permissions, which defied requirement to have access to the Data set level.
upvoted 1 times
...
jits1984
6 months, 4 weeks ago
Selected Answer: A
JobUser required to run queries
upvoted 1 times
...
jits1984
6 months, 4 weeks ago
Selected Answer: C
https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer Data viewer role can be applied to a Table and a View. JobUser can be applied only at a Project level not at a Dataset level https://cloud.google.com/bigquery/docs/access-control#bigquery.jobUser
upvoted 2 times
jits1984
6 months, 4 weeks ago
Incorrect - should be A
upvoted 2 times
...
...
CkPrime
6 months, 4 weeks ago
ChatGPT says C
upvoted 1 times
...
Jerryzzyy
7 months, 4 weeks ago
Selected Answer: A
Job user = Able to create query Data Viewer = Able to view the data
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...