Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Data Engineer Exam - Topic 4 Question 96 Discussion

Actual exam question for Google's Professional Data Engineer exam
Question #: 96
Topic #: 4
[All Professional Data Engineer Questions]

You have a BigQuery dataset named "customers". All tables will be tagged by using a Data Catalog tag template named "gdpr". The template contains one mandatory field, "has sensitive data~. with a boolean value. All employees must be able to do a simple search and find tables in the dataset that have either true or false in the "has sensitive data" field. However, only the Human Resources (HR) group should be able to see the data inside the tables for which "hass-ensitive-data" is true. You give the all employees group the bigquery.metadataViewer and bigquery.connectionUser roles on the dataset. You want to minimize configuration overhead. What should you do next?

Show Suggested Answer Hide Answer
Suggested Answer: D

To ensure that all employees can search and find tables with GDPR tags while restricting data access to sensitive tables only to the HR group, follow these steps:

Data Catalog Tag Template:

Use Data Catalog to create a tag template named 'gdpr' with a boolean field 'has sensitive data'. Set the visibility to public so all employees can see the tags.

Roles and Permissions:

Assign the datacatalog.tagTemplateViewer role to the all employees group. This role allows users to view the tags and search for tables based on the 'has sensitive data' field.

Assign the bigquery.dataViewer role to the HR group specifically on tables that contain sensitive data. This ensures only HR can access the actual data in these tables.

Steps to Implement:

Create the GDPR Tag Template:

Define the tag template in Data Catalog with the necessary fields and set visibility to public.

Assign Roles:

Grant the datacatalog.tagTemplateViewer role to the all employees group for visibility into the tags.

Grant the bigquery.dataViewer role to the HR group on tables marked as having sensitive data.


Data Catalog Documentation

Managing Access Control in BigQuery

IAM Roles in Data Catalog

by Andra at Sep 14, 2024, 12:33 AM

Limited Time Offer

25%

Off

Get Premium Professional Data Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Yaeko
4 months ago
Not sure if this setup really minimizes configuration overhead.
upvoted 0 times
...
Desire
4 months ago
Totally agree with B, it balances access and security well.
upvoted 0 times
...
Truman
4 months ago
Wait, why would we want public visibility for sensitive data?
upvoted 0 times
...
Curt
4 months ago
I disagree, I think option D is more straightforward.
upvoted 0 times
...
Vallie
5 months ago
Option B seems like the best choice for visibility and access.
upvoted 0 times
...
Nan
5 months ago
I recall that having the tag template public could lead to issues with sensitive data visibility. Maybe option A or B is safer?
upvoted 0 times
...
Shelia
5 months ago
I’m a bit confused about the roles. Do we really need to assign the bigquery.dataViewer role to HR if they already have access through the tag?
upvoted 0 times
...
Vi
5 months ago
I think we practiced a similar question where HR needed special access. I feel like option B might be the right choice since it mentions both visibility and roles.
upvoted 0 times
...
Stacey
5 months ago
I remember we discussed the importance of visibility settings for tag templates, but I'm not sure if public or private is better for this scenario.
upvoted 0 times
...
Amie
5 months ago
Okay, I think I've got it. The solution that gives all employees the ability to search for sensitive data tables, while restricting access to the HR group, seems like the best approach.
upvoted 0 times
...
Willow
5 months ago
Hmm, the key seems to be minimizing configuration overhead while ensuring the right access controls. I'll need to carefully consider the options.
upvoted 0 times
...
Angelo
5 months ago
This question seems straightforward, but I want to make sure I understand the requirements correctly before selecting an answer.
upvoted 0 times
...
Iluminada
6 months ago
This is a tricky one. I'm leaning towards option B, but I want to double-check the details on the tag template visibility and role assignments.
upvoted 0 times
...
Camellia
6 months ago
Changing the code if the problem persists seems like a good backup plan, but I want to try the other fixes first before going that route.
upvoted 0 times
...
Dulce
1 year ago
Wait, did they say 'minimize configuration overhead'? In that case, I'm going with option B. Seems like the sweet spot between security and usability. Plus, who doesn't love a little data catalog action?
upvoted 0 times
...
Pura
1 year ago
Option C? Really? Public tag template and just giving the HR group access to the data? That's like painting a big 'sensitive data' sign on everything. Hard pass.
upvoted 0 times
Agustin
1 year ago
Yeah, Option A is the safest choice. We have to prioritize data security.
upvoted 0 times
...
Viola
1 year ago
Definitely, Option A is the most secure option. We don't want to make sensitive data public.
upvoted 0 times
...
Carma
1 year ago
I agree, Option A is the way to go. We need to minimize the visibility of sensitive data.
upvoted 0 times
...
Franchesca
1 year ago
Option A seems like the best choice. Keep the tag template private and only give HR access to sensitive data.
upvoted 0 times
...
...
Tracey
1 year ago
I'm not sure. Wouldn't it be better to create the 'gdpr' tag template with public visibility and assign the datacatalog.tagTemplateViewer role to all employees?
upvoted 0 times
...
Mitsue
1 year ago
I agree with Lorrie. This way, we can ensure that only the HR group has access to the sensitive data while minimizing configuration overhead.
upvoted 0 times
...
Lelia
1 year ago
Option A seems like the simplest solution, but I'm worried about the all employees group not being able to see the tags at all. That could make searching a real pain.
upvoted 0 times
...
Charisse
2 years ago
Hmm, option D looks tempting, but I'm not sure about making the tag template public. Wouldn't that be a security risk? I'd rather keep things a little more locked down.
upvoted 0 times
Nan
1 year ago
I agree, option B seems like a better choice. Keeping the tag template private is important for security.
upvoted 0 times
...
Vincenza
1 year ago
B) Create the 'gdpr' tag template with private visibility. Assign the datacatalog.tagTemplateViewer role on this tag to the all employees group, and assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 0 times
...
Anglea
1 year ago
A) Create the 'gdpr' tag template with private visibility. Assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 0 times
...
...
Lorrie
2 years ago
I think we should create the 'gdpr' tag template with private visibility and assign the bigquery.dataViewer role to the HR group on the tables with sensitive data.
upvoted 0 times
...
Lashon
2 years ago
I think option B is the way to go. Keeping the tag template private and giving the all employees group the tag viewer role seems like a good way to balance access and privacy.
upvoted 0 times
Sylvie
1 year ago
Yes, option B minimizes configuration overhead and ensures that only the HR group can access the sensitive data. It's a good balance of access control.
upvoted 0 times
...
Jennifer
1 year ago
I agree, option B seems like the best choice here. It allows the HR group to see sensitive data while keeping the tag template private for all employees.
upvoted 0 times
...
...

Save Cancel