Your organization needs to grant users access to query datasets in BigQuery but prevent them from accidentally deleting the datasets. You want a solution that follows Google-recommended practices. What should you do?
A.
Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.
B.
Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.
C.
Create a custom role by removing delete permissions, and add users to that role only.
D.
Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.
Custom roles enable you to enforce the principle of least privilege, ensuring that the user and service accounts in your organization have only the permissions essential to performing their intended functions.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit