A Data Science team needs to access BigQuery and TensorFlow but should not be able to modify IAM settings. Which combination of predefined roles would you assign to the Data Science team to enforce the least privilege principle?
Choose an answer
Tap an option to check your answer.
Correct answer: BigQuery User and ML Engine User.
Why this is the answer
The correct option is BigQuery User and ML Engine User because these roles provide the necessary permissions for data scientists to interact with BigQuery and TensorFlow (via ML Engine) without granting excessive privileges, aligning with the principle of least privilege. BigQuery User allows querying and reading data, creating datasets, and running jobs, but not managing IAM policies. ML Engine User grants permissions to create and manage jobs, models, and versions within AI Platform (formerly ML Engine), but again, it does not include IAM modification rights. BigQuery Admin and ML Engine Developer are too permissive as they include permissions to manage IAM policies or have broader administrative control. BigQuery Data Editor and ML Engine Viewer, or BigQuery Data Viewer and ML Engine Editor, are either too restrictive for the BigQuery side (Data Editor/Viewer) or too permissive for ML Engine (Editor) while still not addressing the core requirement of avoiding IAM modification.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed