Your organization hires a freelance data analyst who only needs to run queries and view existing datasets in the analytics-prod project's BigQuery service. A project owner proposes simply granting the contractor the IAM role roles/editor at the project level to avoid creating multiple bindings. From an IAM best-practice perspective, how should you classify the roles/editor role that is being suggested?
It is a basic IAM role that grants broad permissions across most Google Cloud services, greatly exceeding the contractor's needs.
It is a service-account-only role that provides temporary privileges through impersonation rather than direct assignment.
It is a predefined BigQuery-specific role that follows least-privilege principles for data analysis tasks.
It is a custom role that must be explicitly populated with only BigQuery read-only permissions.
The roles/editor role is one of Google Cloud's three legacy basic (formerly called primitive) roles - Owner, Editor, and Viewer. Basic roles are attached at the project, folder, or organization level and include thousands of permissions across nearly every Google Cloud service. Because they provide far more access than is required for a user who only needs to query BigQuery datasets, assigning roles/editor violates the principle of least privilege. Predefined roles (for example, roles/bigquery.dataViewer and roles/bigquery.user) or a custom role would better fit the stated requirements. The remaining options are incorrect because roles/editor is not a predefined, custom, or service-account-specific role; it is a basic role granted directly to human or service account principals and is not limited in scope to BigQuery or tied to impersonation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Google Cloud's basic IAM roles?
Open an interactive chat with Bash
What is the principle of least privilege in IAM?
Open an interactive chat with Bash
What is the difference between basic roles and predefined roles in Google Cloud?
Open an interactive chat with Bash
What is the principle of least privilege in IAM?
Open an interactive chat with Bash
Why are basic IAM roles considered legacy roles?
Open an interactive chat with Bash
What are predefined roles in Google Cloud IAM?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .