Google Cloud Professional Cloud Database Engineer — Question 41
Your organization operates in a highly regulated industry. Separation of concerns (SoC) and the security principle of least privilege (PoLP) are critical. The operations team consists of:
- Person A is a database administrator.
- Person B is an analyst who generates metric reports.
- Application C is responsible for automatic backups.
You need to assign roles to team members for Cloud Spanner. Which roles should you assign?
Answer options
- A. roles/spanner.databaseAdmin for Person A; roles/spanner.databaseReader for Person B; roles/spanner.backupWriter for Application C
- B. roles/spanner.databaseAdmin for Person A; roles/spanner.databaseReader for Person B; roles/spanner.backupAdmin for Application C
- C. roles/spanner.databaseAdmin for Person A; roles/spanner.databaseUser for Person B; roles/spanner.databaseReader for Application C
- D. roles/spanner.databaseAdmin for Person A; roles/spanner.databaseUser for Person B; roles/spanner.backupWriter for Application C
Correct answer: A
Explanation
The correct answer is A because it assigns the most suitable roles based on the principle of least privilege: Person A needs database admin access, Person B should have read access for report generation, and Application C requires write access for backups. Options B and C either assign inappropriate roles or do not align with the least privilege principle, and option D incorrectly provides a user role instead of the required reader role for Person B.