You are configuring service accounts for an application that spans multiple projects.
Virtual machines (VMs) running in the web-applications project need access to BigQuery datasets in crm-databases-proj.
You want to follow Google-recommended practices to give access to the service account in the web-applications project.
What should you do?
A. B. C. D.

Answer: C.
https://cloud.google.com/blog/products/gcp/best-practices-for-working-with-google-cloud-audit-logging

To give VMs running in the web-applications project access to BigQuery datasets in crm-databases-proj while following Google-recommended practices, the best approach is to use service accounts.
A service account is a special type of Google Account that belongs to the application or service rather than to an individual end-user. When a service account is used, the application or service authenticates as the service account, and is granted the permissions that the service account has been given.
To give access to BigQuery datasets in crm-databases-proj to the service account in the web-applications project, the following steps can be taken:
Option A: Giving the project owner for web-applications appropriate roles to crm-databases-proj is not recommended because it would grant too much privilege to the web-applications project owner.
Option B: Giving the project owner role to both projects is also not recommended because it would grant too much privilege to the project owners.
Option C: Giving the project owner role to crm-databases-proj and the bigquery.dataViewer role to web-applications is partially correct. However, it grants more privilege than necessary to crm-databases-proj, which could be a security risk.
Option D: Giving the bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications is also partially correct. However, it does not specify which roles to give to the web-applications project, which could lead to granting too much privilege to the project.