Q: 3
Your organization needs to allow a production job to have access to a BigQuery dataset. The
production job is running on a Compute Engine instance that is part of an instance group.
What should be included in the IAM Policy on the BigQuery dataset?
Options
Discussion
B tbh, since the project owns the instance and inherits a lot of permissions by default. I always thought project-level roles covered resources in cases like this. Not 100% on it but seems logical, yeah?
Option C pops up on a ton of GCP questions. You grant access to the service account since that's what actually runs on the instance and hits BigQuery, not the instance or group directly. I think that's the usual approach but let me know if anyone's seen it asked some other way.
Be respectful. No spam.
