Google Cloud Professional Cloud Database Engineer — Question 143

You are setting up a new AlloyDB instance and want users to be able to use their existing Identity and Access Management (IAM) identities to connect to AlloyDB. You have performed the following steps:

• Manually enabled IAM authentication on the AlloyDB instance
• Granted the alloydb.databaseUser and ser-viceusage.serviceUsageconsumer IAM roles to the users
• Created new AlloyDB database users based on corresponding IAM identities

Users are able to connect but are reporting that they are not able to SELECT from application tables. What should you do?

Answer options

• A. Grant the new database users access privileges to the appropriate tables.
• B. Grant the alloydb.client IAM role to each user.
• C. Grant the alloydb.viewer IAM role to each user.
• D. Grant the alloydb.alloydbreplica IAM role to each user.

Correct answer: A

Explanation

The correct answer is A because granting access privileges to the appropriate tables is essential for users to perform SELECT operations. The other options involve assigning roles that do not directly address table access, which is why they would not resolve the issue of users being unable to retrieve data from the application tables.