What is Google Clouds principle for granting access to users select the correct answer?
Create and configure a service account to access data on behalf of Looker Studio. Note: Instead of delegating access using owner's credentials, or requiring individual report viewers to have access to the data using viewer's credentials, Looker Studio can use a service account to access data. A service account is a special type of Google account that is intended to represent a non-human user that can authenticate and be authorized to access data in Google APIs and products. To use a service account with Looker Studio, you add your organization's Looker Studio service agent as a user (principal) on the account. This gives you control over which service accounts can be used with Looker Studio, while ensuring that the users in your organization can easily access the data they need. Using a service account instead of an individual user's credentials provides these benefits:
Learn more about service accounts. We recommend that you create new service accounts that are solely for use with Looker Studio. For example, you can create separate service accounts dedicated for marketing, sales, and engineering teams to use with Looker Studio. In this article:
Before you begin
Setup instructionsYou only need to perform the instructions in this article once unless you want to create different service accounts for different teams or groups of users. To create multiple accounts, repeat these instructions for each additional account. Get the Looker Studio service agentTo allow the service account to access your data, you'll need to provide the Looker Studio service agent for your organization. You can get the service agent from a help page in Looker Studio:
Create a service account for Looker StudioInstructions on creating a service account can be found in the Google Cloud IAM documentation. You can use either the Cloud console or the Cloud Shell command line to create the service account. Use Cloud console Step 1: Create a new service account
Step 2: Allow the Looker Studio service agent to access your service account
Tip: Your service agent's address uses the format Step 3: Grant user rolesNote: This step is optional if you already added Looker Studio users while creating the service account, as described in step 1 above. Looker Studio users who will create or edit data sources need to be granted a role that includes the Tip: If you're not ready to complete this step, you can come back to it later. Tip: We recommend that you do NOT grant non-service agent users the Service Account Token Creator role — it is not needed for Looker Studio. Note: Users who will only view Looker Studio reports don't need to have permissions on the service account.
Step 4: Enable the service account to access your BigQuery dataTo allow Looker Studio to access your data, grant the BigQuery Data Viewer role to the service account at the table or dataset level. Note: We don't recommend granting service account access at the project level. To grant access to a table:
To grant access to a dataset:
Use Cloud Shell Step 1: Create a new service accountFollow the general steps listed under gcloud in Creating and managing service accounts.
Step 2: Allow the Looker Studio service agent to access your service accountTo allow the Looker Studio service agent to access data via the service account, grant the Service Account Token Creator role ( Example: gcloud iam service-accounts add-iam-policy-binding \ \ --member="" \ --role="roles/iam.serviceAccountTokenCreator" Step 3: Grant user rolesLooker Studio users who will create or edit
data sources need to be granted a role that includes the If you're not ready to complete this step, you can come back to it later. Tip: We recommend that you do NOT grant non-service agent users the Service Account Token Creator role — it is not needed for Looker Studio. Note: Users who will only view Looker Studio reports don't need to have permissions on the service account. To grant the Service Account User role, run the gcloud projects add-iam-policy-bindingcommand. In the following examples, replace PROJECT_ID with your project ID, and replace " " with one or more valid email addresses (separate multiple entries with commas). Example: gcloud iam service-accounts
add-iam-policy-binding \ \ Step 4: Enable the service account to access your BigQuery dataTo allow Looker Studio to access your data, grant the BigQuery Data Viewer role to the service account at the table or dataset level. Provide the Looker Studio service account(s) to your Looker Studio usersLooker Studio users will need to know which service account to use when creating data sources. As there is no way to see the list of available service accounts from within Looker Studio, you should make this information available via your organization's documentation, internal website, or email. Note: You don't need to manage service account keys manually, nor do users need to download service account keys from Cloud console and upload them to Looker Studio. The limit of 10 service account keys per service account does not apply to Looker Studio. Edit a data source that uses service account credentialsWhen someone edits a data source that uses service account credentials, Looker Studio checks to see if they have permission to use the service account. If they don’t, the data source switches to use their credentials instead. See who is using the service account to access dataYou can check the audit logs for service accounts in the Cloud console. You must enable IAM audit logs for Data Access activity if you want to receive audit logs for service accounts. ErrorsThis section explains the errors that Looker Studio data source creators and report viewers might see when they try to use a service account. In most cases, these errors have the same root cause: incorrect or incomplete setup of the service account. Missing service agent role
No access to the data
Missing user role
Service agent not available for the account
Can't use service agent in credentials dialog
Limits
Related resources
Was this helpful? How can we improve it? What are the three components of Google Cloud's Defence in depth data security design select the correct answer?Let's take a closer look at three network security controls to minimize risk and secure your resources.. Secure your Internet-facing services. ... . Secure your VPC for private deployments. ... . Micro-segment access to your applications and services.. Which tool is used by Google clouds to protect user's data?Cloud External Key Manager (EKM) protects your data at rest in BigQuery and Compute Engine by using encryption keys that are stored and managed in a third-party key management system that you control outside Google infrastructure.
What is the mission of Google Cloud quizlet?It is designed to provide a scalable online transaction processing (OLTP) database with high availability and strong consistency at global scale. Google Cloud SQL is a web service that allows you to create, configure, and use relational databases that live in Google's cloud.
Which of the following are Google Cloud operations focused tools?The first is operations focus tools, which include cloud monitoring, cloud logging, error reporting, and service monitoring.
|