ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Data Engineer All Questions

View all questions & answers for the Professional Data Engineer exam
Go to Exam

Exam Professional Data Engineer topic 1 question 149 discussion

Actual exam question from Google's Professional Data Engineer
Question #: 149
Topic #: 1
[All Professional Data Engineer Questions]

You are migrating your data warehouse to BigQuery. You have migrated all of your data into tables in a dataset. Multiple users from your organization will be using the data. They should only see certain tables based on their team membership. How should you set user permissions?

  • A. Assign the users/groups data viewer access at the table level for each table
  • B. Create SQL views for each team in the same dataset in which the data resides, and assign the users/groups data viewer access to the SQL views
  • C. Create authorized views for each team in the same dataset in which the data resides, and assign the users/groups data viewer access to the authorized views
  • D. Create authorized views for each team in datasets created for each team. Assign the authorized views data viewer access to the dataset in which the data resides. Assign the users/groups data viewer access to the datasets in which the authorized views reside
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by madhu1171 at March 15, 2020, 5:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
someshsehgal
Highly Voted 3 years, 12 months ago
Correct A: A . Now it is feasible to provide table level access to user by allowing user to query single table and no other table will be visible to user in same dataset.
upvoted 41 times
BigDataBB
10 months ago
the request says "team membership", so access depends on the team and not the user
upvoted 1 times
...
Shiv_am
3 years, 5 months ago
A is not at all possible
upvoted 2 times
squishy_fishy
3 years, 4 months ago
It is possible for about a year now. https://cloud.google.com/bigquery/docs/table-access-controls-intro#example_use_case
upvoted 8 times
...
...
alecuba16
2 years, 6 months ago
The problem is that option A has a lot of work for the DevOps, meanwhile option D is easier to manage. The view is like having a shortcut to the same data, but with different permissions
upvoted 2 times
cetanx
1 year, 8 months ago
According to Chat GPT, it is also D. And it explains why it shouldn't be "A" as; Granularity: While you can assign access permissions at the table level, it doesn't allow for fine-grained access control. For example, if you want to restrict access to certain columns or rows within a table based on user or group, table-level permissions would not be sufficient. Scalability: In organizations with many tables and users, managing permissions at the table level can quickly become unwieldy. You would need to individually set permissions for each user for each table, which can be time-consuming and error-prone. Security: Table-level permissions expose the entire table to a user or a group. If the data in the table changes over time, users might get access to data they shouldn't see. With authorized views, you have more control over what data is exposed. Maintenance: If the structure of your data changes (for instance, if tables are added or removed, or if the schema of a table changes), you would need to manually update the permissions for each affected table.
upvoted 3 times
...
...
jits1984
3 years, 3 months ago
Should still be D. Question states - "They should only see certain tables based on their team membership" Option A states - Assign the users/groups data viewer access at the table level for each table With A, everyone will see every table. Hence D.
upvoted 11 times
...
...
madhu1171
Highly Voted 4 years, 10 months ago
D should be the answer
upvoted 27 times
squishy_fishy
3 years, 4 months ago
There is only one dataset mentioned in the question here. "You have migrated all of your data into tables in a dataset"
upvoted 3 times
...
ducc
2 years, 5 months ago
It is updated, now A is correct
upvoted 1 times
...
...
plum21
Most Recent 3 days, 11 hours ago
Selected Answer: D
The question was created at the time when it was not possible to share data on table level (dataset was the only option). At that time D was possible only. Right now A is feasible as well.
upvoted 1 times
...
LP_PDE
1 month ago
Selected Answer: C
Authorized views provide a centralized way to manage access. You define the data each team can see in a view and then grant access to that view. This is much easier to maintain and update than managing permissions on individual tables. Why not D? - Option D suggests creating separate datasets for each team and using authorized views within those datasets. This adds unnecessary complexity and overhead. You would need to manage multiple datasets.You would need to grant the authorized views access to the original dataset.
upvoted 1 times
...
SamuelTsch
3 months, 1 week ago
Selected Answer: A
Table level access could be done in bigquery.
upvoted 2 times
...
JamesKarianis
5 months, 3 weeks ago
Selected Answer: D
Recommended approach
upvoted 1 times
...
dsyouness
8 months ago
Selected Answer: D
Should be D.
upvoted 2 times
...
MaxNRG
1 year, 1 month ago
Selected Answer: D
https://cloud.google.com/solutions/migration/dw2bq/dw-bq-data-governance When you create the view, it must be created in a dataset separate from the source data queried by the view. Because you can assign access controls only at the dataset level, if the view is created in the same dataset as the source data, your users would have access to both the view and the data. https://cloud.google.com/bigquery/docs/authorized-views This approach aligns with the Google Cloud best practices for data governance, ensuring that users can only access the data intended for them without having direct access to the source tables. Authorized views serve as a secure interface to the underlying data, and by placing these views in separate datasets per team, you can manage permissions effectively at the dataset level.
upvoted 4 times
...
lokiinaction
1 year, 2 months ago
but the question said that all data are copied into one dataset. so it should be C
upvoted 2 times
...
spicebits
1 year, 2 months ago
A is the best answer for security as stated in the documentation - https://cloud.google.com/bigquery/docs/row-level-security-intro#comparison_of_authorized_views_row-level_security_and_separate_tables
upvoted 2 times
...
EsaP
1 year, 4 months ago
A is a better fit than D for this case
upvoted 1 times
...
barnac1es
1 year, 4 months ago
Selected Answer: C
Authorized Views: Authorized views in BigQuery allow you to control access to specific rows and columns within a table. This means you can create views for each team that restrict access to only the data relevant to that team. Single Dataset: Keeping all the authorized views and the underlying data in the same dataset simplifies management and access control. It avoids the need to create multiple datasets, making the permission management process more straightforward. Option A (assigning data viewer access at the table level) would not provide the granularity you need, as it would allow users to see all tables in the dataset. This does not align with the requirement to restrict access based on team membership.
upvoted 1 times
...
arien_chen
1 year, 5 months ago
Selected Answer: D
https://cloud.google.com/bigquery/docs/share-access-views#:~:text=the%20source%20data.-,Authorized%20views,-should%20be%20created For best practice, Option D is bettern than others.
upvoted 1 times
...
midgoo
1 year, 10 months ago
Selected Answer: A
[A] is correct if it is for individual table However, in practice we normally do [C] as most of the time, the view is a JOIN of a few tables or a subset of the table (some columns removed)
upvoted 2 times
...
musumusu
1 year, 11 months ago
Answer A, Trick here is, if question is not asking for data level Access such as some rows or columns, don't go for authorized view in that case i would go for C. If it's Table level request only in question, then A is simple answer
upvoted 1 times
...
zellck
2 years, 2 months ago
Selected Answer: A
A is the answer. https://cloud.google.com/bigquery/docs/control-access-to-resources-iam#grant_access_to_a_table_or_view
upvoted 2 times
...
gudiking
2 years, 2 months ago
Selected Answer: A
A - table level access control now exists: https://cloud.google.com/bigquery/docs/table-access-controls-intro#example_use_case
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago