Managing Permissions and Auditing for Cloud Identity Domain in GCP

Take Over Managing Permissions and Auditing for Cloud Identity Domain in GCP

Question

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP.

The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.

Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.

Which type of access should your team grant to meet this requirement?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

C.

In this scenario, the business unit at the multinational corporation has signed up for Google Cloud Platform (GCP) and created a Cloud Identity domain with hundreds of projects. Your team wants to take over managing permissions and auditing the domain resources, and you need to decide which type of access to grant to meet this requirement.

Option A: Organization Administrator An Organization Administrator has full control over all resources and policies within the organization, including the ability to create, modify, and delete projects, folders, and other resources. Granting Organization Administrator access would give your team complete control over the entire organization and all of its resources, which may not be necessary or appropriate.

Option B: Security Reviewer A Security Reviewer can view security-related configurations and settings within the organization, but cannot make changes. This access level may not be sufficient for your team's requirements, as you need to take over managing permissions and auditing the domain resources, which likely involves making changes.

Option C: Organization Role Administrator An Organization Role Administrator can create and manage custom roles for the organization, as well as assign roles to users and groups. This access level may be appropriate if your team needs to create and manage custom roles to meet specific requirements, but may not provide sufficient access for managing permissions and auditing domain resources.

Option D: Organization Policy Administrator An Organization Policy Administrator can manage organization-level policies that govern resource configurations and behaviors, including access controls. This access level may be appropriate for your team's requirements, as managing permissions and auditing domain resources often involves setting and enforcing access controls.

Based on the information provided, it seems that Option D - Organization Policy Administrator - would be the most appropriate access level to grant your team. However, it's important to fully understand your team's requirements and the scope of the resources and policies that need to be managed before making a final decision on access levels.