ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Data Engineer All Questions

View all questions & answers for the Professional Data Engineer exam
Go to Exam

Exam Professional Data Engineer topic 1 question 272 discussion

Actual exam question from Google's Professional Data Engineer
Question #: 272
Topic #: 1
[All Professional Data Engineer Questions]

You have a BigQuery dataset named “customers”. All tables will be tagged by using a Data Catalog tag template named “gdpr”. The template contains one mandatory field, “has_sensitive_data”, with a boolean value. All employees must be able to do a simple search and find tables in the dataset that have either true or false in the “has_sensitive_data’ field. However, only the Human Resources (HR) group should be able to see the data inside the tables for which “has_sensitive data” is true. You give the all employees group the bigquery.metadataViewer and bigquery.connectionUser roles on the dataset. You want to minimize configuration overhead. What should you do next?

  • A. Create the “gdpr” tag template with private visibility. Assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
  • B. Create the “gdpr” tag template with private visibility. Assign the datacatalog.tagTemplateViewer role on this tag to the all employees group, and assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
  • C. Create the “gdpr” tag template with public visibility. Assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
  • D. Create the “gdpr” tag template with public visibility. Assign the datacatalog.tagTemplateViewer role on this tag to the all employees group, and assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by scaenruy at Jan. 3, 2024, 6:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
raaad
Highly Voted 1 year, 3 months ago
Selected Answer: C
- The most straightforward solution with minimal configuration overhead. - By creating the "gdpr" tag template with public visibility, you ensure that all employees can search and find tables based on the "has_sensitive_data" field. - Assigning the bigquery.dataViewer role to the HR group on tables with sensitive data ensures that only they can view the actual data in these tables.
upvoted 18 times
ML6
1 year, 2 months ago
Wouldn't employees still need the roles/datacatalog.tagTemplateViewer role to view private AND public tags? To get the permissions that you need to view public and private tags on Bigtable resources, ask your administrator to grant you the following IAM roles: - roles/datacatalog.tagTemplateViewer - roles/bigtable.viewer Source: https://cloud.google.com/bigtable/docs/manage-data-assets-using-data-catalog#permissions-view-tags
upvoted 2 times
...
ML6
1 year, 2 months ago
Ignore the last reply. The correct answer would be C. Tags = Custom metadata fields that you can attach to a data entry to provide context. Tag templates = Reusable structures that you can use to rapidly create new tags. In short, the employees do not need a tagTemplateViewer role because it pertains to the tag templates, not the tags themselves.
upvoted 1 times
...
...
Pime13
Most Recent 3 months, 2 weeks ago
Selected Answer: D
Option C: Public Visibility: Ensures that all employees can see the tags and their values. Data Viewer Role for HR: Restricts access to the data inside the tables with sensitive data to the HR group. Option D: Public Visibility: Ensures that all employees can see the tags and their values. Tag Template Viewer Role: Explicitly grants the datacatalog.tagTemplateViewer role to the all employees group, ensuring they can view the tags. Data Viewer Role for HR: Restricts access to the data inside the tables with sensitive data to the HR group. While both options provide public visibility for the tags and restrict data access to the HR group, Option D explicitly grants the datacatalog.tagTemplateViewer role to the all employees group, ensuring they can view the tags and perform searches based on the "hs_sensitive_data" field.
upvoted 1 times
Pime13
3 months, 2 weeks ago
You can search for public tags using simple search. You can view a data entry, including its public tags, as long as you have the required permissions to view the data entry. No additional permissions on the tag template are required. For permissions required to view the data entry, see the table in this section. However, we recommend to also grant the datacatalog.tagTemplates.get permission to users who are expected to search for these public tags. This permission allows users to also use the search predicate tag: or use the tag template search facet in the Data Catalog search page. For private tags, you need view permissions on both the tag template and the data entry to search for the tag and to see the tag in the entry detail page. Users must use the tag: search predicate or the tag template search facet to find the tags; simple search for private tags isn't supported.
upvoted 1 times
...
...
meh_33
8 months, 2 weeks ago
Selected Answer: C
This Guy Raasd is mostly correct with explanation thanks mate.
upvoted 2 times
...
iooj
8 months, 3 weeks ago
A - employees cannot use the tag B - increases the configuration overhead C - exactly what we need D - unnecessary role assignment, the tag template is already visibile
upvoted 1 times
...
d11379b
1 year, 1 month ago
Selected Answer: C
While D works well, it is not obligated to give all employees the role of tagTemplateViewer, as it will give them the view permission for tag templates as well as the tags created by the template. However, Tags are a type of business metadata. Adding tags to a data entry helps provide meaningful context to anyone who needs to use the asset.And public tags provide less strict access control for searching and viewing the tag as compared to private tags. Any user who has the required view permissions for a data entry can view all the public tags associated with it. View permissions for public tags are only required when you perform a search in Data Catalog using the tag: syntax or when you view an unattached tag template.
upvoted 2 times
d11379b
1 year, 1 month ago
As all employees have the role “ bigquery.metadataViewer” they are already capable to see tags on BigQuery then
upvoted 1 times
...
...
JyoGCP
1 year, 2 months ago
Selected Answer: C
I'll go with raaad's answer
upvoted 2 times
...
tibuenoc
1 year, 2 months ago
Selected Answer: B
If you working with PII, We can't granted public access. So Private Visibility for the Tag Template its the best option. Check it https://cloud.google.com/data-catalog/docs/tags-and-tag-templates
upvoted 4 times
...
scaenruy
1 year, 3 months ago
Selected Answer: D
D. Create the “gdpr” tag template with public visibility. Assign the datacatalog.tagTemplateViewer role on this tag to the all employees group, and assign the bigquery.dataViewer role to the HR group on the tables that contain sensitive data.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago