A customer has 300 engineers.
The company wants to grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects.
Which two steps should the company take to meet these requirements? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.BD.
To grant different levels of access and efficiently manage IAM permissions between users in the development and production environment projects, the company should take the following two steps:
B. Create a folder for each development and production environment: Creating a folder for each development and production environment allows the company to organize and manage resources and permissions for each environment separately. This will simplify IAM permission management and ensure that access is granted only to the appropriate users. Within each folder, IAM roles and permissions can be assigned to control who has access to which resources.
C. Create a Google Group for the Engineering team, and assign permissions at the folder level: Creating a Google Group for the Engineering team will enable the company to manage permissions at scale for multiple users. Assigning permissions at the folder level will allow the company to grant access to specific resources only to the members of the Google Group. This approach simplifies permission management and ensures that access is granted only to the appropriate users.
A, D, and E are not the correct answers for the following reasons:
A. Creating a project with multiple VPC networks for each environment would create multiple projects and VPC networks that may not be necessary. This approach may complicate IAM permission management and make it difficult to grant access to specific resources.
D. Creating an Organizational Policy constraint for each folder environment would not be practical since it would require creating multiple policies and constraints for each environment. This approach may also make it challenging to manage IAM permissions effectively.
E. Creating projects for each environment and granting IAM rights to each engineering user would create multiple projects and IAM permissions that may not be necessary. This approach may also make IAM permission management more complex and difficult to maintain over time.