Google Cloud Associate Cloud Engineer — Question 63

You built an application on Google Cloud that uses Cloud Spanner. Your support team needs to monitor the environment but should not have access to table data.
You need a streamlined solution to grant the correct permissions to your support team, and you want to follow Google-recommended practices. What should you do?

Answer options

• A. Add the support team group to the roles/monitoring.viewer role
• B. Add the support team group to the roles/spanner.databaseUser role.
• C. Add the support team group to the roles/spanner.databaseReader role.
• D. Add the support team group to the roles/stackdriver.accounts.viewer role.

Correct answer: A

Explanation

The correct answer is A because the roles/monitoring.viewer role allows the support team to view monitoring data without granting access to sensitive table data. The roles/spanner.databaseUser and roles/spanner.databaseReader roles provide access to database operations or data, which is not suitable for the support team's requirements. The roles/stackdriver.accounts.viewer role is not directly related to monitoring Cloud Spanner resources.