Google Cloud Associate Data Practitioner — Question 83

You are designing an application that will interact with several BigQuery datasets. You need to grant the application's service account permissions that allow it to query and update tables within the datasets, and list all datasets in a project within your application. You want to follow the principle of least privilege. Which pre-defined IAM role(s) should you apply to the service account?

Answer options

• A. roles/bigquery.jobUser and roles/bigquery.dataOwner
• B. roles/bigquery.connectionUser and roles/bigquery.dataViewer
• C. roles/bigquery.admin
• D. roles/bigquery.studioUser and roles/bigquery.filtereddataViewer

Correct answer: A

Explanation

The correct answer is A because roles/bigquery.jobUser allows the service account to run jobs, including queries, while roles/bigquery.dataOwner permits updating and managing data within the datasets. The other options do not provide the necessary permissions for both querying and updating tables as required by the application.