You are a DBA of Cloud SQL for PostgreSQL. You want the applications to have password-less authentication for read and write access to the database. Which authentication mechanism should you use?
A.
Use Identity and Access Management (IAM) authentication.
B.
Use Managed Active Directory authentication.
C.
Use Cloud SQL federated queries.
D.
Use PostgreSQL database's built-in authentication.
A.
Google wants you to use IAM regardless. PostgreSQL built-in authentication requires a username and a password. That rules out D. Federated queries are queries originating from BigQuery to Cloud SQL. Eliminate C. AD is strongly tied to SQL Server. Eliminate B. That leaves A.
A: https://cloud.google.com/sql/docs/postgres/authentication
Cloud SQL provides a set of predefined roles designed to help you control access to your Cloud SQL resources. You can also create your own custom roles, if the predefined roles don't provide the sets of permissions you need. In addition, the legacy basic roles (Editor, Viewer, and Owner) are also still available to you, although they don't provide the same fine-grained control as the Cloud SQL roles. In particular, the basic roles provide access to resources across Google Cloud, rather than just for Cloud SQL. For more information about basic Google Cloud roles, see Basic roles.
You can set an IAM policy at any level in the resource hierarchy: the organization level, the folder level, or the project level. Resources inherit the policies of all of their parent resources.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dynamic_dba
Highly Voted 1 year, 7 months agoPime13
Most Recent 5 months, 3 weeks agoabdenago
1 year, 4 months agoshaiz98
1 year, 6 months ago