GCP Professional Cloud Security Engineer Practice Question
Your organization runs a multi-tenant application on Cloud SQL for PostgreSQL. A group of data scientists needs read-only access to the tables that reside in the "analytics" schema, but they must not be able to modify data or view objects in other schemas. The security team insists that access be enforced entirely inside the database engine, without relying on Cloud IAM or network controls. Which approach satisfies these requirements with the least operational overhead?
Enable IAM database authentication and grant the group the cloudsql.connectionViewer role so that login attempts are authenticated by IAM.
Assign the Cloud SQL Viewer IAM role to the data-scientists' Google groups at the project level to ensure they cannot modify data.
Add the data-scientists' office IP range to the instance's Authorized Networks list and leave database permissions unchanged.
Create a PostgreSQL role, grant it USAGE on the "analytics" schema and SELECT on all tables within that schema, then assign that role to each data-scientist user.
Creating a database role inside PostgreSQL allows privileges to be limited at the schema and table level, which is exactly what the requirement calls for. Granting the role USAGE on the "analytics" schema lets members see objects in that schema, and granting SELECT on all its tables restricts them to read-only operations. The role can then be granted to each user, and no Cloud IAM role, authorized network, or instance-level setting is required. The other options rely on IAM permissions or network access but do not control object-level privileges inside the database, so they cannot enforce the requested least-privilege policy.
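The grants described in the explanation, as an added SQL example that is not part of the original question. The role name analytics_readonly, the users alice_ds and bob_ds, the billing schema and both tables are hypothetical, constructed so the script runs on a scratch PostgreSQL database.

```sql
-- Constructed sample objects. Only the "analytics" schema name comes from
-- the question; everything else here is hypothetical.
CREATE SCHEMA IF NOT EXISTS analytics;
CREATE SCHEMA IF NOT EXISTS billing;
CREATE TABLE IF NOT EXISTS analytics.events (id bigint PRIMARY KEY, payload text);
CREATE TABLE IF NOT EXISTS billing.invoices (id bigint PRIMARY KEY, amount numeric);

-- Group role that only carries privileges; nobody logs in as it.
CREATE ROLE analytics_readonly NOLOGIN;

-- USAGE allows name lookup inside the schema; SELECT allows reads only.
-- No INSERT, UPDATE, DELETE or TRUNCATE is granted, and no other schema
-- is mentioned, so the role gains nothing outside "analytics".
GRANT USAGE ON SCHEMA analytics TO analytics_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA analytics TO analytics_readonly;

-- GRANT ... ON ALL TABLES covers only tables that exist at this moment.
-- Default privileges extend the read grant to tables that the role
-- running this statement creates in the schema later.
ALTER DEFAULT PRIVILEGES IN SCHEMA analytics
    GRANT SELECT ON TABLES TO analytics_readonly;

-- One login role per data scientist; replace the placeholder passwords.
CREATE ROLE alice_ds LOGIN PASSWORD 'REPLACE_ME_1';
CREATE ROLE bob_ds   LOGIN PASSWORD 'REPLACE_ME_2';
GRANT analytics_readonly TO alice_ds, bob_ds;

-- Audit the effective privileges of each member, including those
-- inherited through the group role, against both schemas.
SELECT u.rolname,
       has_schema_privilege(u.rolname, 'analytics', 'USAGE')         AS analytics_usage,
       has_table_privilege(u.rolname, 'analytics.events', 'SELECT')  AS analytics_read,
       has_table_privilege(u.rolname, 'analytics.events',
                           'INSERT, UPDATE, DELETE, TRUNCATE')       AS analytics_write,
       has_schema_privilege(u.rolname, 'billing', 'USAGE')           AS billing_usage,
       has_table_privilege(u.rolname, 'billing.invoices', 'SELECT')  AS billing_read
FROM pg_roles AS u
WHERE pg_has_role(u.rolname, 'analytics_readonly', 'MEMBER')
  AND u.rolcanlogin;
```

If the audit query reports write access or access to another schema for a member, look for grants made to PUBLIC or to another role the user belongs to, since PostgreSQL privileges are additive.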
GCP Professional Cloud Security Engineer
Ensuring data protection