Google Professional Cloud Database Engineer Exam - Topic 10 Question 68 Discussion

Actual exam question for Google's Professional Cloud Database Engineer exam

Question #: 68
Topic #: 10

[All Professional Cloud Database Engineer Questions]

An analytics team needs to read data out of Cloud SQL for SQL Server and update a table in Cloud Spanner. You need to create a service account and grant least privilege access using predefined roles. What roles should you assign to the service account?

Aroles/cloudsql.viewer and roles/spanner.databaseUser

Broles/cloudsql.editor and roles/spanner.admin

Croles/cloudsql.client and roles/spanner.databaseReader

Droles/cloudsql.instanceUser and roles/spanner.databaseUser

Show Suggested Answer

Suggested Answer: A

To read data out of Cloud SQL for SQL Server, you need to use a service account with the roles/cloudsql.viewer role on the Cloud SQL instance. This role grants the service account permission to read data from the instance. Whereas roles/cloudsql.instanceUser will only allow to login to cloud SQL instance. No resource will be allowed to view.

by Alesia at Mar 31, 2026, 12:22 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Database Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Carmela

7 hours ago

I think the least privilege principle means we should avoid roles that give too much access, so maybe A or D?

upvoted 0 times

...