Your company has a security team that manages firewalls and SSL certificates.
It also has a networking team that manages the networking resources.
The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.
How should you set up permissions for the networking team?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
https://cloud.google.com/compute/docs/access/iamTo set up permissions for the networking team to read firewall rules without the ability to create, modify, or delete them, option C would be the most appropriate choice.
Here's why:
A. Assigning the compute.networkUser role to members of the networking team would not provide them with sufficient permissions to read firewall rules. This role only provides the ability to view network resources, but not to perform any actions on them.
B. Assigning the compute.networkAdmin role to members of the networking team would give them too much access, as it would allow them to create, modify, and delete firewall rules. This role provides full control over networking resources, including firewalls.
C. Assigning members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions would give them read-only access to firewall rules without the ability to create, modify, or delete them. The compute.networks.* permission allows them to view networking resources, while the compute.firewalls.list permission allows them to list the firewall rules.
D. Assigning the compute.networkViewer role to members of the networking team and adding the compute.networks.use permission would not provide them with sufficient permissions to read firewall rules. The compute.networkViewer role only provides the ability to view networking resources, but not to perform any actions on them. The compute.networks.use permission allows users to create and modify networking resources, which is not required for the networking team's role.
Therefore, option C is the most appropriate choice for setting up permissions for the networking team to read firewall rules without the ability to create, modify, or delete them.