Armen Barsegyan

Reputation: 57

GCP: IAM and BigQuery

Could you please share your thoughts about this question?

You are configuring service accounts for an application that spans multiple projects. Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj. You want to follow Google-recommended practices to give access to the service account in the web-applications project. What should you do?

A. Give project owner for web-applications appropriate roles to crm-databases-proj.

B. Give project owner role to crm-databases-proj and the web-applications project.

C. Give project owner role to crm-databases-proj and bigquery.dataViewer role to web-applications.

D. Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.

Here is the discussion thread.

Upvotes: 1

Views: 393

Answers (1)

Sergiusz

Reputation: 1245

As suggested by guillaume, and outlined in the public documentation, basic roles (including Owner) should not be used in a production environment:

Caution: Basic roles include thousands of permissions across all Google Cloud services. In production environments, do not grant basic roles unless there is no alternative. Instead, grant the most limited predefined roles or custom roles that meet your needs.

Therefore, D is the correct answer.

Upvotes: 1
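
An added example, not part of the answer above or of Google's documentation: a Python sketch that audits a project's IAM policy for the pattern the quoted caution warns about, service accounts holding basic roles, and marks which bindings are cross-project. The policy is constructed sample data in the JSON shape printed by `gcloud projects get-iam-policy --format=json`; the service account names and the function names are hypothetical.

```python
import json

# Basic roles the quoted documentation warns against in production.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample: IAM policy of crm-databases-proj, in the JSON shape of
# `gcloud projects get-iam-policy crm-databases-proj --format=json`.
# The service account names are hypothetical.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": [
     "user:admin@example.com",
     "serviceAccount:web-vm@web-applications.iam.gserviceaccount.com"]},
  {"role": "roles/bigquery.dataViewer", "members": [
     "serviceAccount:web-vm@web-applications.iam.gserviceaccount.com"]},
  {"role": "roles/editor", "members": [
     "serviceAccount:etl@crm-databases-proj.iam.gserviceaccount.com"]}
]}
""")

def sa_project(member):
    """Home project of a user-managed service account, or None if not derivable."""
    kind, _, email = member.partition(":")
    domain = email.partition("@")[2]
    suffix = ".iam.gserviceaccount.com"
    if kind == "serviceAccount" and domain.endswith(suffix):
        return domain[:-len(suffix)]
    return None

def audit(policy, resource_project):
    """One finding per service-account binding on the resource project."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if not member.startswith("serviceAccount:"):
                continue  # users and groups are out of scope for this check
            home = sa_project(member)
            findings.append({"member": member, "role": binding["role"],
                             "cross_project": home not in (None, resource_project),
                             "basic_role": binding["role"] in BASIC_ROLES})
    return findings

def violations(policy, resource_project):
    """Service-account bindings that use a basic role instead of a predefined one."""
    return [f for f in audit(policy, resource_project) if f["basic_role"]]
```

On the sample, the `roles/bigquery.dataViewer` binding for the web-applications service account passes, while its `roles/owner` binding and the local `roles/editor` binding are reported.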
