How do you give read-only access to a shared cloud storage bucket?
WHAT IT TESTS: Least-privilege IAM for shared data pipelines.
ANSWER OUTLINE: Bind an IAM role with read permissions to the team at the bucket level, avoid object-level ACLs, and mount read-only on training VMs.

WHAT IT TESTS: Whether you can apply least-privilege IAM to protect immutable training datasets without blocking productivity.
ANSWER OUTLINE: First, assign an IAM role with read permissions to the data scientist group directly on the bucket. Second, rely on bucket-level IAM via setIamPolicy instead of object-level ACLs that could override it. Third, provision training compute with read-only filesystem mounts so runtime tools cannot write.
Read the original → docs.cloud.google.com
- #mlops
- #iam
- #cloud storage
- #gcp
- #least privilege