Your company is adopting a domain-oriented "data mesh." Each business unit will own the storage and transformation pipelines for its data, but a central enterprise team must enforce common security tags, data-quality rules, and lineage tracking across all domains without becoming a bottleneck. You need a Google Cloud design that lets domain teams work autonomously in their own projects while allowing the enterprise team to apply and audit governance controls from a single control plane. Which approach best satisfies these requirements?
Allow each domain full ownership of its projects and rely solely on organization-wide IAM conditions and VPC Service Controls to restrict access. Use periodic scripts to copy metadata from every project into a central Data Catalog entry group.
Store all domains' data in a single BigQuery project. Give the enterprise team the BigQuery Admin role and grant each domain read/write access only to its own datasets through authorized views.
Create a separate Dataplex lake for each business domain and register the domain's Cloud Storage buckets and BigQuery datasets as zone assets. Grant each domain the Dataplex Lake Administrator role for its lake, while the enterprise team keeps the Dataplex Admin role at the organization level to push common tags, data-quality rules, and lineage policies to every lake.
Enforce uniform bucket-level access on Cloud Storage and require every domain to export its data nightly into a central analytics project where governance policies are applied before analysts can query the data.
Creating one Dataplex lake per business domain delegates day-to-day ownership to the domain (through the Dataplex Lake Administrator and Zone Administrator roles) while still registering every Cloud Storage bucket and BigQuery dataset as an asset in Dataplex. The enterprise team can attach centrally managed data-quality rules, tag-based IAM policies, and lineage policies to those assets and monitor them in one place. Because the underlying data remains in projects that belong to each domain, development autonomy is preserved. The other options either centralize the data itself (reducing autonomy), rely on manual metadata replication, or use IAM alone without the catalog and quality services required for a federated governance model.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Dataplex Lake in Google Cloud?
Open an interactive chat with Bash
How does Dataplex enable domain autonomy while providing centralized governance?
Open an interactive chat with Bash
What is the difference between Dataplex Admin and Lake Administrator roles?
Open an interactive chat with Bash
What is Dataplex and how does it help in managing data governance?
Open an interactive chat with Bash
How can Dataplex roles like Lake Administrator and Dataplex Admin support decentralized teams?
Open an interactive chat with Bash
Why is creating separate Dataplex lakes for each domain better for a data mesh model compared to centralized approaches?
Open an interactive chat with Bash
GCP Professional Data Engineer
Storing the data
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .