Google Cloud Associate Data Practitioner — Question 5

Your organization has a BigQuery dataset that contains sensitive employee information such as salaries and performance reviews. The payroll specialist in the HR department needs to have continuous access to aggregated performance data, but they do not need continuous access to other sensitive data. You need to grant the payroll specialist access to the performance data without granting them access to the entire dataset using the simplest and most secure approach. What should you do?

Answer options

• A. Use authorized views to share query results with the payroll specialist.
• B. Create row-level and column-level permissions and policies on the table that contains performance data in the dataset. Provide the payroll specialist with the appropriate permission set.
• C. Create a table with the aggregated performance data. Use table-level permissions to grant access to the payroll specialist.
• D. Create a SQL query with the aggregated performance data. Export the results to an Avro file in a Cloud Storage bucket. Share the bucket with the payroll specialist.

Correct answer: A

Explanation

The correct answer is A because authorized views allow you to share specific query results with users while keeping the underlying data secure. Options B and C would require more complex configuration and could still expose sensitive information. Option D is less secure as it involves exporting data to a file, which can lead to potential data leakage.