You want to verify the IAM users and roles assigned within a GCP project named my-project.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
To verify the IAM users and roles assigned within a GCP project named my-project, there are several ways to approach it. However, the most straightforward method is to navigate to the IAM section of the project in the GCP Console and review the members and roles assigned to them. Therefore, the correct answer is C.
Explanation of each answer:
A. Run gcloud iam roles list. Review the output section: This command lists all the IAM roles in the current project or organization, including their ID, name, and description. However, it does not provide any information about the users or service accounts assigned to those roles. Hence, it is not the correct answer.
B. Run gcloud iam service-accounts list. Review the output section: This command lists all the service accounts in the current project or organization, including their email and display name. However, it does not provide any information about the users or roles assigned to those service accounts. Hence, it is not the correct answer.
C. Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles: This is the correct answer. By navigating to the IAM section of the project in the GCP Console, you can see a list of all the members with access to the project, including their email, account type (user or service account), and the roles assigned to them. You can also review the specific permissions granted to each role. This is the most direct and comprehensive way to verify the IAM users and roles assigned within a GCP project.
D. Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status: This option navigates to the Roles section of the project in the GCP Console, where you can see a list of all the predefined and custom roles available in the project, including their ID, name, and description. However, it does not provide any information about the users or service accounts assigned to those roles. Therefore, it is not the correct answer.