Google Cloud Professional Cloud Database Engineer — Question 109

An analytics team needs to read data out of Cloud SQL for SQL Server and update a table in Cloud Spanner. You need to create a service account and grant least privilege access using predefined roles. What roles should you assign to the service account?

Answer options

• A. roles/cloudsql.viewer and roles/spanner.databaseUser
• B. roles/cloudsql.editor and roles/spanner.admin
• C. roles/cloudsql.client and roles/spanner.databaseReader
• D. roles/cloudsql.instanceUser and roles/spanner.databaseUser

Correct answer: A

Explanation

The correct answer is A because the roles/cloudsql.viewer grants read access to Cloud SQL, and roles/spanner.databaseUser allows for writing to Cloud Spanner. The other options provide either too much access or do not provide the necessary permissions to perform both tasks adequately.