Your company runs several projects within a single Cloud Organization. In one project, a developer needs to be able to list existing BigQuery datasets and update the datasets' labels, but must not create new tables or read any table data. None of the predefined BigQuery roles match these exact requirements. Which action best follows Google Cloud's principle of least privilege?
Grant the developer the predefined BigQuery Data Editor role; although it also allows creating tables, the extra permissions are acceptable.
Ask the developer to define a custom role in their personal Google Account and import that role into the project.
Create a project-level custom IAM role that includes only the required BigQuery permissions and grant it to the developer.
Define an organization-level custom role with the required permissions and rely on inheritance so the developer automatically receives it.
Creating a custom IAM role at the project level with only bigquery.datasets.get, bigquery.datasets.list, and bigquery.datasets.update provides exactly the needed capabilities. Predefined roles such as BigQuery Data Viewer (read-only) or BigQuery Data Editor (which also allows creating and modifying table data) are either too restrictive or too permissive. Custom roles cannot be created inside a personal Google Account and then imported, and an organization-level custom role would still need an explicit binding to grant it to the developer.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an IAM role in Google Cloud?
Open an interactive chat with Bash
What is the principle of least privilege?
Open an interactive chat with Bash
How do you create a custom IAM role in Google Cloud?
Open an interactive chat with Bash
What is an IAM role in Google Cloud?
Open an interactive chat with Bash
How do you create a custom IAM role?
Open an interactive chat with Bash
What is the principle of least privilege?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .