Exam Professional Cloud Architect topic 1 question 179 discussion

Materialized view is too costly for the requirement. So B & D is out. To protect PII, there is no need to create another dataset. Creating a view on the original dataset should be sufficient. In addition, according to https://cloud.google.com/bigquery/docs/view-access-controls, view access can be granted at the 'dataset' level.

C is correct here. You need view to avoid PII data. So materialized view is not needed.

Devil is in the details. Question mentioned table"s". Which mean we have more than 1 table which will result in more than 1 view. You can authorize each view on "same" dataset or group all view"s" in a dataset then authorize the dataset. This does not answer the question (may be wording) but this is the concept behind the question.

C: view in a different dataset (https://cloud.google.com/bigquery/docs/share-access-views: "Authorized views should be created in a different dataset from the source data. That way, data owners can give users access to the authorized view without simultaneously granting access to the underlying data.")

I went with C. A will prevent data scientists from viewing PII in the view, it doesn't stop them from viewing it in the table however.

https://cloud.google.com/bigquery/docs/share-access-views#create_a_dataset_where_you_can_store_your_view

It's no needed to create a new dataset and for sure is not cost-effective. A is best option

It should be option A the question states minimize cost and time, option C though has better security requires additional step.

Option A is not the best choice because it doesn't involve creating a separate dataset for the data science team. Creating a separate dataset provides better organization and access control management for different teams. In option C, you create a separate dataset specifically for the data science team and then create views that exclude PII. This allows for more granular access controls and a better separation of concerns. By authorizing the view to access the source dataset, you ensure that the data science team can only access the non-PII data through the views, maintaining privacy and compliance.

Option C are not appropriate because creating a new dataset is not necessary in this scenario. Creating views of the tables that exclude PII is a simpler and more cost-effective solution. Additionally, authorizing the view to access the source dataset is not necessary because the view already contains the relevant data.

C = A + One additional step to create the dataset which is not necessary so the answer is A

No need for materialized view which is an operational overhead.

A. From the dataset where you have the source data, create views of tables that you want to share, excluding PII. 2. Assign an appropriate project-level IAM role to the members of the data science team. 3. Assign access controls to the dataset that contains the view. This solution will minimize cost and the time it takes to assign appropriate access to the tables. The other options are not as efficient or effective.

I vote for C. Option C provides better security option.

A is my answer.

Agree with C from the link with google best practice https://cloud.google.com/bigquery/docs/share-access-views#create_a_dataset_where_you_can_store_your_view Create a dataset where you can store your view After creating your source dataset, you create a new, separate dataset to store the authorized view that you share with your data analysts. In a later step, you grant the authorized view access to the data in the source dataset. Your data analysts then have access to the authorized view, but not direct access to the source data.

Materialized views costs more than normal ones. Creating a new dataset is not cost-effective. You can use authorized views to restrict data access. From Google doc: Giving a view access to a dataset is also known as creating an authorized view in BigQuery. An authorized view lets you share query results with particular users and groups without giving them access to the underlying tables. You can also use the view's SQL query to restrict the columns (fields) the users are able to query. Users need the bigquery.tables.getData permission on all tables and views that their query references. In addition, when querying a view users need this permission on all underlying tables and views. However, if you are using authorized views or authorized datasets, you don't need to give users access to the underlying source data. Reference: https://cloud.google.com/bigquery/docs/share-access-views https://cloud.google.com/bigquery/docs/table-access-controls#required_permission_to_query_tables_and_views