Finding Users Added to Cloud Spanner IAM Roles

B.

To find out when users were added to Cloud Spanner Identity Access Management (IAM) roles on your Google Cloud Platform (GCP) project, you should do the following steps in the GCP Console:

1. Go to the Stackdriver Logging console by navigating to the "Logging" section from the main menu of the GCP Console.
2. Review the admin activity logs for Cloud Spanner by applying a filter to the logs that are related to Cloud Spanner IAM roles.
3. The filter can be applied by selecting the "Advanced Filters" option and using the query syntax to filter the logs for Cloud Spanner IAM roles. For example, you can use the following filter: protoPayload.methodName="google.iam.admin.v1.CreateRole" This will show you the logs related to the creation of roles in the IAM console.
4. Once you have applied the filter, you can review the logs to determine when users were added to the IAM roles for Cloud Spanner.

Option A is incorrect because the Cloud Spanner console is used to manage and configure Cloud Spanner databases, not IAM roles. Option B is partially correct as you need to review IAM policies, but you should do it specifically for Cloud Spanner roles. Option C is incorrect because Stackdriver Monitoring is used to monitor and analyze the performance and health of resources in the GCP project, not for reviewing IAM roles. Option D is the correct option because Stackdriver Logging allows you to review admin activity logs, which can show when users were added to Cloud Spanner IAM roles, by applying the appropriate filter.