Preventing Accidental Deletion of Datasets in BigQuery - Best Practices

Granting Access to Query Datasets in BigQuery

Question

Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets.

You want a solution that follows Google-recommended practices.

What should you do?

Answers

Explanations


A. B. C. D.

B.

The correct answer for this question is C. Create a custom role by removing delete permissions, and add users to that role only.

BigQuery is a fully managed, serverless data warehouse that enables super-fast SQL queries using the processing power of Google's infrastructure. When granting users access to query datasets in BigQuery, it's important to ensure that they are not able to accidentally delete the datasets. Therefore, you need to implement a solution that follows Google-recommended practices for access control in BigQuery.

To achieve this, you can create a custom role in IAM that removes the delete permission for datasets. By doing so, users who are assigned this role will be able to query datasets in BigQuery but will not be able to delete them. This approach provides the necessary level of access while ensuring the security of the data.
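A sketch of that custom role as an added example, not code from the original page: it builds a role definition with every BigQuery delete permission stripped out, verifies the result, and only calls `gcloud` when `APPLY=1`. The project ID, role ID, member address and the starting permission list are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: query-only custom role with delete permissions removed.
# PROJECT_ID, ROLE_ID and the member below are placeholders (assumptions).
PROJECT_ID="${PROJECT_ID:-example-project}"
ROLE_ID="${ROLE_ID:-bqQueryNoDelete}"

# Constructed starting list: permissions a querying user needs, plus the
# delete permissions that the custom role must not carry.
candidate_permissions() {
  cat <<'EOF'
bigquery.jobs.create
bigquery.datasets.get
bigquery.datasets.delete
bigquery.tables.get
bigquery.tables.list
bigquery.tables.getData
bigquery.tables.delete
EOF
}

# Drop every BigQuery permission whose verb is "delete".
strip_delete() { grep -Ev '^bigquery\.[A-Za-z]+\.delete$'; }

# Emit the YAML layout accepted by `gcloud iam roles create --file`.
role_yaml() {
  printf 'title: "BigQuery Query (no delete)"\n'
  printf 'description: "Query datasets; cannot delete datasets or tables"\n'
  printf 'stage: "GA"\n'
  printf 'includedPermissions:\n'
  candidate_permissions | strip_delete | sed 's/^/- /'
}

# Guard: succeeds only if the role file grants no delete permission.
assert_no_delete() { ! grep -Eq '^- bigquery\.[A-Za-z]+\.delete$' "$1"; }

# Create the role and bind one user to it (needs a configured gcloud).
apply_role() {
  gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" --file="$1" &&
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="user:analyst@example.com" \
    --role="projects/$PROJECT_ID/roles/$ROLE_ID"
}

ROLE_FILE="$(mktemp)"
role_yaml > "$ROLE_FILE"
assert_no_delete "$ROLE_FILE" || { echo "role still grants delete" >&2; exit 1; }
if [ "${APPLY:-0}" = "1" ]; then apply_role "$ROLE_FILE"; fi
cat "$ROLE_FILE"
```

Running the same `assert_no_delete` check against exported role definitions in CI catches a later edit that reintroduces a delete permission.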

Option A, adding users to the roles/bigquery.user role only, is not recommended as it grants read-only access to datasets, but users can still accidentally delete datasets if they are not careful.

Option B, adding users to the roles/bigquery.dataEditor role only, is not recommended either, as it grants users the ability to modify datasets in addition to querying them, and they can still accidentally delete datasets.

Option D, creating a custom role by removing delete permissions, adding users to the group, and then adding the group to the custom role, adds an unnecessary step. It's simpler and more efficient to create a custom role directly and add users to that role.

In conclusion, to grant users access to query datasets in BigQuery while preventing them from accidentally deleting the datasets, you should create a custom role by removing delete permissions and add users to that role only.