Skip to main content

Question 217

You have a BigQuery table that contains customer data, including sensitive information such as names and addresses. You need to share the customer data with your data analytics and consumer support teams securely. The data analytics team needs to access the data of all the customers, but must not be able to access the sensitive data. The consumer support team needs access to all data columns, but must not be able to access customers that no longer have active contracts. You enforced these requirements by using an authorized dataset and policy tags. After implementing these steps, the data analytics team reports that they still have access to the sensitive columns. You need to ensure that the data analytics team does not have access to restricted data. What should you do? (Choose two.)

  • A. Create two separate authorized datasets; one for the data analytics team and another for the consumer support team.
  • B. Ensure that the data analytics team members do not have the Data Catalog Fine-Grained Reader role for the policy tags.
  • C. Replace the authorized dataset with an authorized view. Use row-level security and apply filter_expression to limit data access.
  • D. Remove the bigquery.dataViewer role from the data analytics team on the authorized datasets.
  • E. Enforce access control in the policy tag taxonomy.

https://cloud.google.com/bigquery/docs/row-level-security-intro

https://cloud.google.com/bigquery/docs/column-level-security-intro

 

Back to top