Question 20
Domain 1: Data Collection, Use, Dissemination, and DestructionA product team wants to grant a vendor engineer broad access to customer tables for troubleshooting. Who should decide whether that access is appropriate for the business purpose before the custodian provisions it?
Correct answer: A
Explanation
The data owner decides whether access is appropriate for the business purpose because the owner is accountable for the data’s use and sharing. The custodian only provisions access after that business decision is made, since custodians manage implementation rather than authorization.
Why each option is right or wrong
A. The data owner
Under the standard data governance model, the data owner is the role accountable for approving whether a proposed use of the data is justified by the business need; the custodian’s job is limited to implementing that decision by provisioning access. In this fact pattern, granting a vendor engineer broad access to customer tables for troubleshooting is a business authorization question, so the custodian should not make that call first.
B. The data custodian
C. The identity provider
D. The help desk analyst