Exam Professional Data Engineer topic 1 question 26 discussion

The Answer should be B. The Dataflow developer role will not provide access to the underlying data.

Answer: B Description: Provides the permissions necessary to execute and manipulate Dataflow jobs.

The answer cannot be B, because B is too retrictive, it can only create and manage dataflow jobs, but cannot view data. I acknowledge that is secure, but no consultant can do the job without seeing representative test data. D is the only one that provides enough to do the job, while still remaining totally private.

D cannot be the answer because the question clearly states the developer has to work in your project. Creating another project is not in scope and is a waste of time. Correct answer is B. Developer role has developer rights only, no view rights.

A. Grant the consultant the Viewer role on the project. This role provides read-only access to all resources in the project, which could expose sensitive data to the consultant, violating privacy principles. B. Grant the consultant the Cloud Dataflow Developer role on the project. This role allows the consultant to create and manage Dataflow jobs but does not give them access the underlying data, it is not sufficient, the developer still needs data. - C. Create a service account and allow the consultant to log on with it. Allowing the consultant to log on with a service account could grant them access to sensitive data if the service account has broad permissions. This approach does not address the need to limit data exposure. - D. Create an anonymized sample of the data for the consultant to work with in a different project. - this fits the requrements

D B is a good option to maintain privacy of sensitive data, but he also need some test data to validate the transformation logic right, so creating sample data and allow him to test in another project seems good.

Data flow data privacy rules cant allow the developer to see what the data, He/she just designs the pipelines and the flow as the interdependent tasks for the composer

B as the Dataflow developer role would help provide the third-party consultant access to create and work on the Dataflow pipeline. However, it does not provide access to view the data, thus maintaining user's privacy. Refer GCP documentation - Dataflow roles: https://cloud.google.com/dataflow/docs/concepts/access-control#roles Option A is wrong as it would not allow the consultant to work on the pipeline. Option C is wrong as the consultant cannot use the service account to login. Option D is wrong as it does not enable collaboration.

C and A will not maintain user's privacy so out. B without data will be enough. D will give a good sample data, maintain privacy and the consultant will help creating the dataflow pipe for the project as requested. so D.

I follow the corresponding logic choosing between B and D: Yes, with the Dataflow Developer role it is possible to execute and manipulate Dataflow jobs, but do we need to execute it? Based on my understanding we only need to ask for help to write it down. Is it possible without having access to test the data? I don't think so. At the same time, we need to perform an anonymization on it. So the answer D is more appropriate for me

By creating an anonymized sample of the data, you can provide the consultant with a realistic dataset that doesn't contain sensitive or private information. This way, the consultant can work on the project without direct access to sensitive data, reducing privacy risks. Options A and B involve granting the consultant access to the project, which may expose sensitive data, even if they have limited permissions. Option C involves creating a service account, but it doesn't address the need to anonymize the data or provide a separate, safe environment for the consultant to work with. Option D provides a controlled environment that allows the consultant to work effectively while maintaining data privacy.

D. Create an anonymized sample of the data for the consultant to work within a different project. By creating an anonymized sample of the data, you can provide the consultant with a realistic dataset that doesn't contain sensitive or private information. This way, the consultant can work on the project without direct access to sensitive data, reducing privacy risks. Options A and B involve granting the consultant access to the project, which may expose sensitive data, even if they have limited permissions. Option C involves creating a service account, but it doesn't address the need to anonymize the data or provide a separate, safe environment for the consultant to work with. Option D provides a controlled environment that allows the consultant to work effectively while maintaining data privacy.

D. Creating an anonymized sample of the data for the consultant to work with in a different project is the safest option. This way, the consultant can develop and test the transformation logic without accessing the real, sensitive data.

I think C would be correct, as the question says external consultants want to do some work and how we can maintain the 'external consultant' user privacy. Question didn't mention about the company user data or customer information.

Answer: C

Dataflow Developer (roles/dataflow.developer) Provides the permissions necessary to execute and manipulate Dataflow jobs.

Unfortunately it's the Service Account answer: "The developer who creates and examines jobs needs the roles/iam.serviceAccountUser role." - https://cloud.google.com/dataflow/docs/concepts/access-control#example