
Google Exam Professional-Data-Engineer Topic 4 Question 96 Discussion

Actual exam question for Google's Google Cloud Certified Professional Data Engineer exam
Question #: 96
Topic #: 4

You have a BigQuery dataset named "customers". All tables will be tagged by using a Data Catalog tag template named "gdpr". The template contains one mandatory field, "has sensitive data", with a boolean value. All employees must be able to do a simple search and find tables in the dataset that have either true or false in the "has sensitive data" field. However, only the Human Resources (HR) group should be able to see the data inside the tables for which "has sensitive data" is true. You give the all employees group the bigquery.metadataViewer and bigquery.connectionUser roles on the dataset. You want to minimize configuration overhead. What should you do next?

Suggested Answer: D

To ensure that all employees can search and find tables with GDPR tags while restricting data access to sensitive tables only to the HR group, follow these steps:

Data Catalog Tag Template:

Use Data Catalog to create a tag template named 'gdpr' with a boolean field 'has sensitive data'. Set the visibility to public so all employees can see the tags.

Roles and Permissions:

Assign the datacatalog.tagTemplateViewer role to the all employees group. This role allows users to view the tags and search for tables based on the 'has sensitive data' field.

Assign the bigquery.dataViewer role to the HR group specifically on tables that contain sensitive data. This ensures only HR can access the actual data in these tables.

Steps to Implement:

Create the GDPR Tag Template:

Define the tag template in Data Catalog with the necessary fields and set visibility to public.

Assign Roles:

Grant the datacatalog.tagTemplateViewer role to the all employees group for visibility into the tags.

Grant the bigquery.dataViewer role to the HR group on tables marked as having sensitive data.



Contribute your Thoughts:

Dulce
7 days ago
Wait, did they say 'minimize configuration overhead'? In that case, I'm going with option B. Seems like the sweet spot between security and usability. Plus, who doesn't love a little data catalog action?
upvoted 0 times
...
Pura
10 days ago
Option C? Really? Public tag template and just giving the HR group access to the data? That's like painting a big 'sensitive data' sign on everything. Hard pass.
upvoted 0 times
...
Tracey
11 days ago
I'm not sure. Wouldn't it be better to create the 'gdpr' tag template with public visibility and assign the datacatalog.tagTemplateViewer role to all employees?
upvoted 0 times
...
Mitsue
12 days ago
I agree with Lorrie. This way, we can ensure that only the HR group has access to the sensitive data while minimizing configuration overhead.
upvoted 0 times
...
Lelia
12 days ago
Option A seems like the simplest solution, but I'm worried about the all employees group not being able to see the tags at all. That could make searching a real pain.
upvoted 0 times
...
Charisse
17 days ago
Hmm, option D looks tempting, but I'm not sure about making the tag template public. Wouldn't that be a security risk? I'd rather keep things a little more locked down.
upvoted 0 times
Nan
4 days ago
I agree, option B seems like a better choice. Keeping the tag template private is important for security.
upvoted 0 times
...
Vincenza
5 days ago
B) Create the 'gdpr' tag template with private visibility. Assign the datacatalog.tagTemplateViewer role on this tag to the all employees group, and assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 0 times
...
Anglea
7 days ago
A) Create the 'gdpr' tag template with private visibility. Assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 0 times
...
...
Lorrie
26 days ago
I think we should create the 'gdpr' tag template with private visibility and assign the bigquery.dataViewer role to the HR group on the tables with sensitive data.
upvoted 0 times
...
Lashon
27 days ago
I think option B is the way to go. Keeping the tag template private and giving the all employees group the tag viewer role seems like a good way to balance access and privacy.
upvoted 0 times
Sylvie
7 days ago
Yes, option B minimizes configuration overhead and ensures that only the HR group can access the sensitive data. It's a good balance of access control.
upvoted 0 times
...
Jennifer
13 days ago
I agree, option B seems like the best choice here. It allows the HR group to see sensitive data while keeping the tag template private for all employees.
upvoted 0 times
...
...
