Google Cloud Certified Associate Cloud Engineer Practice

You've been asked to help onboard a new member of the big-data team. They need full access to BigQuery. Which type of role would be the most efficient to set up while following the principle of least privilege?

• A. Primitive Role
• B. Custom Role
• C. Managed Role
• D. Predefined Role

The correct answer is: Predefined Role

The choice of a predefined role for granting full access to BigQuery while adhering to the principle of least privilege is efficient for several reasons. Predefined roles are Google Cloud's built-in roles that have been developed to encapsulate common use cases or tasks users would need to perform within a service, such as BigQuery. By selecting a predefined role specifically designed for BigQuery, the new team member will gain the permissions necessary to perform their job without being granted excessive permissions that could arise from using a more general or broader primitive role. This not only efficiently grants the required access but also minimizes security risks by ensuring that the user operates within clearly defined capabilities. Predefined roles are maintained and updated by Google, ensuring that they evolve with the service and any associated best practices for security. This automatic updating means that when a new feature is integrated into BigQuery, the predefined roles can be adjusted accordingly, reducing the administrative burden of constantly managing custom permissions. In contrast, a custom role would require a deeper understanding of the specific permissions necessary for the user’s role, which could lead to potential misconfigurations or oversight. Primitive roles, which are very broad in nature, can expose resources unnecessarily. Managed roles, as a conceptual term, vary and may not directly