Your company is using BigQuery as its enterprise data warehouse.
Data is distributed over several Google Cloud projects.
All queries on BigQuery need to be billed on a single project.
You want to make sure that no query costs are incurred on the projects that contain the data.
Users should be able to query the datasets, but not edit them.
How should you configure users' access roles?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The correct answer is option B: Add all users to a group. Grant the group the roles of BigQuery dataViewer on the billing project and BigQuery user on the projects that contain the data.
Here's why:
To ensure that all queries on BigQuery are billed on a single project and no query costs are incurred on the projects that contain the data, you need to create a billing project and move all datasets to this project. This will be the project that will be billed for all queries.
Now, to grant users access to the datasets without allowing them to edit the data, you need to assign the appropriate roles to them.
In this scenario, you should create a group and add all the users to that group. This way, you can easily manage access for all users at once.
Next, you need to grant the group the following roles:
BigQuery dataViewer on the billing project: This role allows users to view data in all datasets in the billing project, but does not allow them to modify the data.
BigQuery user on the projects that contain the data: This role allows users to query the datasets in the projects that contain the data, but does not allow them to modify the data.
By assigning these roles, you ensure that users can query the data they need without incurring any query costs on the projects that contain the data. Additionally, users cannot edit or modify the data, which helps to maintain data integrity and security.
Option A is incorrect because it grants the group the role of BigQuery user on the projects that contain the data. This role would allow users to modify the data, which is not what is required in this scenario.
Option C is incorrect because it grants the group the role of BigQuery jobUser on the billing project. This role allows users to submit jobs to BigQuery, but does not allow them to view or query data.
Option D is incorrect because it grants the group the role of BigQuery jobUser on the projects that contain the data. This role allows users to submit jobs to BigQuery, but does not allow them to view or query data.