Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Data Engineer Topic 4 Question 96 Discussion

Actual exam question for Google's Professional Data Engineer exam
Question #: 96
Topic #: 4
[All Professional Data Engineer Questions]

You have a BigQuery dataset named "customers". All tables will be tagged by using a Data Catalog tag template named "gdpr". The template contains one mandatory field, "has sensitive data~. with a boolean value. All employees must be able to do a simple search and find tables in the dataset that have either true or false in the "has sensitive data" field. However, only the Human Resources (HR) group should be able to see the data inside the tables for which "hass-ensitive-data" is true. You give the all employees group the bigquery.metadataViewer and bigquery.connectionUser roles on the dataset. You want to minimize configuration overhead. What should you do next?

Show Suggested Answer Hide Answer
Suggested Answer: D

To ensure that all employees can search and find tables with GDPR tags while restricting data access to sensitive tables only to the HR group, follow these steps:

Data Catalog Tag Template:

Use Data Catalog to create a tag template named 'gdpr' with a boolean field 'has sensitive data'. Set the visibility to public so all employees can see the tags.

Roles and Permissions:

Assign the datacatalog.tagTemplateViewer role to the all employees group. This role allows users to view the tags and search for tables based on the 'has sensitive data' field.

Assign the bigquery.dataViewer role to the HR group specifically on tables that contain sensitive data. This ensures only HR can access the actual data in these tables.

Steps to Implement:

Create the GDPR Tag Template:

Define the tag template in Data Catalog with the necessary fields and set visibility to public.

Assign Roles:

Grant the datacatalog.tagTemplateViewer role to the all employees group for visibility into the tags.

Grant the bigquery.dataViewer role to the HR group on tables marked as having sensitive data.


Data Catalog Documentation

Managing Access Control in BigQuery

IAM Roles in Data Catalog

Contribute your Thoughts:

Dulce
2 months ago
Wait, did they say 'minimize configuration overhead'? In that case, I'm going with option B. Seems like the sweet spot between security and usability. Plus, who doesn't love a little data catalog action?
upvoted 0 times
...
Pura
2 months ago
Option C? Really? Public tag template and just giving the HR group access to the data? That's like painting a big 'sensitive data' sign on everything. Hard pass.
upvoted 0 times
Agustin
1 months ago
Yeah, Option A is the safest choice. We have to prioritize data security.
upvoted 0 times
...
Viola
1 months ago
Definitely, Option A is the most secure option. We don't want to make sensitive data public.
upvoted 0 times
...
Carma
1 months ago
I agree, Option A is the way to go. We need to minimize the visibility of sensitive data.
upvoted 0 times
...
Franchesca
2 months ago
Option A seems like the best choice. Keep the tag template private and only give HR access to sensitive data.
upvoted 0 times
...
...
Tracey
2 months ago
I'm not sure. Wouldn't it be better to create the 'gdpr' tag template with public visibility and assign the datacatalog.tagTemplateViewer role to all employees?
upvoted 0 times
...
Mitsue
2 months ago
I agree with Lorrie. This way, we can ensure that only the HR group has access to the sensitive data while minimizing configuration overhead.
upvoted 0 times
...
Lelia
2 months ago
Option A seems like the simplest solution, but I'm worried about the all employees group not being able to see the tags at all. That could make searching a real pain.
upvoted 0 times
...
Charisse
3 months ago
Hmm, option D looks tempting, but I'm not sure about making the tag template public. Wouldn't that be a security risk? I'd rather keep things a little more locked down.
upvoted 0 times
Nan
2 months ago
I agree, option B seems like a better choice. Keeping the tag template private is important for security.
upvoted 0 times
...
Vincenza
2 months ago
B) Create the 'gdpr' tag template with private visibility. Assign the datacatalog.tagTemplateViewer role on this tag to the all employees group, and assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 0 times
...
Anglea
2 months ago
A) Create the 'gdpr' tag template with private visibility. Assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 0 times
...
...
Lorrie
3 months ago
I think we should create the 'gdpr' tag template with private visibility and assign the bigquery.dataViewer role to the HR group on the tables with sensitive data.
upvoted 0 times
...
Lashon
3 months ago
I think option B is the way to go. Keeping the tag template private and giving the all employees group the tag viewer role seems like a good way to balance access and privacy.
upvoted 0 times
Sylvie
2 months ago
Yes, option B minimizes configuration overhead and ensures that only the HR group can access the sensitive data. It's a good balance of access control.
upvoted 0 times
...
Jennifer
2 months ago
I agree, option B seems like the best choice here. It allows the HR group to see sensitive data while keeping the tag template private for all employees.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77