You are implementing Firestore for Mountkirk Games. Mountkirk Games wants to give a new game programmatic access to a legacy game's Firestore database. Access should be as restricted as possible. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Create a service account (SA) in the legacy game's Google Cloud project, add this SA in the new game's IAM page, and then give it the Firebase Admin role in both projects..
Why this is the answer
The correct approach is to create a service account (SA) in the legacy game's project, as this is where the Firestore database resides. This SA then needs to be granted the necessary permissions to access Firestore. The Firebase Admin role is appropriate for programmatic access to Firebase services like Firestore. To allow the new game to use this SA, it must be added to the new game's IAM page. Granting the Firebase Admin role in both projects ensures the SA has the required permissions regardless of which project context it's operating within when accessing the legacy Firestore. The other options are incorrect because: Giving the Organization Admin role is overly permissive and violates the principle of least privilege. Migrating the new game to the legacy project is an unnecessary and potentially complex step that doesn't directly address the access control requirement.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed