Google Cloud Professional Cloud Security Engineer Practice Exam

Which IAM design is appropriate for a business user who must access curated reports in BigQuery?

• A. Assign roles/bigquery.dataEditor role
• B. Assign roles/bigquery.admin role
• C. Create curated tables and assign roles/bigquery.dataViewer role
• D. Assign roles/bigquery.dataOwner role

The correct answer is: Create curated tables and assign roles/bigquery.dataViewer role

The choice to create curated tables and assign the roles/bigquery.dataViewer role is particularly suitable for a business user who needs access to curated reports in BigQuery. This role grants the user the necessary permissions to read and query data within the specified tables without giving them the ability to modify or delete the underlying data. This is essential in a reporting context, where users typically only need to analyze existing data rather than change it. By focusing on curated tables, the data can be organized and tailored to meet specific reporting requirements, ensuring that the user has access to only the relevant datasets. This prevents potential misuse of sensitive data and maintains the integrity of the overall data structure. In environments where data governance and security are critical, limiting access to just the data needed for reporting tasks helps mitigate risks associated with unauthorized alterations or access to sensitive information. In contrast, the other roles mentioned carry permissions that exceed what is necessary for simply viewing reports. Roles such as dataEditor or dataOwner allow for modifying and managing data, which is inappropriate for a business user whose primary function is to view and analyze data rather than manage it.