Google Cloud Professional Cloud Architect — Question 175

Your company is using BigQuery as its enterprise data warehouse. Data is distributed over several Google Cloud projects. All queries on BigQuery need to be billed on a single project. You want to make sure that no query costs are incurred on the projects that contain the data. Users should be able to query the datasets, but not edit them.
How should you configure users' access roles?

Answer options

• A. Add all users to a group. Grant the group the role of BigQuery user on the billing project and BigQuery dataViewer on the projects that contain the data.
• B. Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data.
• C. Add all users to a group. Grant the group the roles of BigQuery jobUser on the billing project and BigQuery dataViewer on the projects that contain the data.
• D. Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery jobUser on the projects that contain the data.

Correct answer: C

Explanation

The correct answer is C because the BigQuery jobUser role on the billing project allows users to run queries while the BigQuery dataViewer role on the data-containing projects permits them to view datasets without editing them. Options A and B incorrectly assign the BigQuery user role, which includes permissions to run queries that could incur costs on the data projects. Option D also misassigns roles, allowing potential query costs on the data projects.