Question about permissions on Google Cloud Dataflow

Question

I am studying for the Data Engineer exam and, during my exercises, I have found this question:

"You are working on a sensitive project involving private user data. You have set up a project on Google Cloud Platform to house your work internally. An external consultant is going to assist with coding a complex transformation in a Google Cloud Dataflow pipeline for your project. How should you maintain users’ privacy?"

With the following possible answers:

• A. Grant the consultant the Viewer role on the project.
• B. Grant the consultant the Cloud Dataflow Developer role on the project.
• C. Create a service account and allow the consultant to log on with it.
• D. Create an anonymized sample of the data for the consultant to work within a different project.

In my opinion, answers A and C are not valid because the external developer cannot modify the pipeline. Then, I go for answer B but I do not know if the "Developer role" allows access to the data or not.

Answer 1

Please refer to Dataflow security and permissions doc [1] and the role of Dataflow Developer [2], Dataflow Developer is that you use to run Dataflow job, but it is not enough to access any data, you need to set up properly with any roles.

Therefore this question I will go D.

[1] https://cloud.google.com/dataflow/docs/concepts/security-and-permissions#accessing_bigquery
[2] https://cloud.google.com/dataflow/docs/concepts/access-control#roles