Google Cloud Professional Data Engineer — Question 85

You are integrating one of your internal IT applications and Google BigQuery, so users can query BigQuery from the application's interface. You do not want individual users to authenticate to BigQuery and you do not want to give them access to the dataset. You need to securely access BigQuery from your IT application. What should you do?

Answer options

• A. Create groups for your users and give those groups access to the dataset
• B. Integrate with a single sign-on (SSO) platform, and pass each user's credentials along with the query request
• C. Create a service account and grant dataset access to that account. Use the service account's private key to access the dataset
• D. Create a dummy user and grant dataset access to that user. Store the username and password for that user in a file on the files system, and use those credentials to access the BigQuery dataset

Correct answer: C

Explanation

The correct answer is C because using a service account allows secure access to BigQuery without exposing individual user credentials or granting direct access to the dataset. Option A is incorrect as it still allows group access, which doesn't meet the requirement for individual user authentication. Option B is not suitable as it requires passing user credentials, which you want to avoid. Option D is insecure, as storing credentials in a file poses significant security risks.