Google Cloud Platform: Configuring Department Access to Projects

Configuring Department Access to Google Cloud Platform Projects

Question

A company allows every employee to use Google Cloud Platform.

Each department has a Google Group, with all department members as group members.

If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources.

Members of any other department should not have access to the project.

You need to configure this behavior.

What should you do to meet these requirements?

Answers

Explanations


C.

The best solution for this scenario would be option C: Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.

Here's why:

Option A: Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.

Assigning the Project Viewer role to the Google Group on each folder can be problematic. If a department member creates a new project, that project will not automatically inherit the folder permissions. As a result, the members of the department would not have access to the project, which violates the requirements.

Option B: Create a Folder per department under the Organization. For each department's Folder, assign the Project Browser role to the Google Group related to that department.

Assigning the Project Browser role to the Google Group on each folder can be problematic. If a department member creates a new project, that project will not automatically inherit the folder permissions. As a result, the members of the department would not have access to the project, which violates the requirements. Also, the Project Browser role allows users to list and browse projects, but not to view resources within a project.

Option C: Create a Project per department under the Organization. For each department's Project, assign the Project Viewer role to the Google Group related to that department.

Creating a separate project for each department ensures that members of a department have access only to the projects they need. By assigning the Project Viewer role to the Google Group for each department, members of the department will automatically have read-only access to all new project resources created by their colleagues in the same department. The Project Viewer role allows users to view resources in a project without being able to make any changes.

Option D: Create a Project per department under the Organization. For each department's Project, assign the Project Browser role to the Google Group related to that department.

Assigning the Project Browser role to the Google Group on each project can be problematic. If a department member creates a new project, that project will not automatically inherit the project permissions. As a result, the members of the department would not have access to the project, which violates the requirements. Also, the Project Browser role allows users to list and browse projects, but not to view resources within a project.
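To check that a department project actually meets the stated requirements (the department's group holds the read-only Project Viewer role, no other department's group holds anything), the project's IAM policy can be audited. The following is an added example, not part of the original page; the group addresses, the sample policy and the `audit_policy` helper are constructed for illustration, and the input is assumed to have the shape of `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import json

VIEWER = "roles/viewer"  # the basic role the page calls "Project Viewer"
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; addresses are placeholders, not real groups.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",   "members": ["user:alice@example.com"]},
    {"role": "roles/viewer",  "members": ["group:dept-finance@example.com"]},
    {"role": "roles/browser", "members": ["group:dept-hr@example.com"]}
  ]
}
""")


def audit_policy(policy, dept_group, all_dept_groups):
    """Return findings for one project's policy; an empty list means compliant.

    Only the bindings present in `policy` are examined. Group membership and
    IAM conditions are not evaluated (assumption of this example).
    """
    own = f"group:{dept_group}"
    others = {f"group:{g}" for g in all_dept_groups if g != dept_group}
    findings, own_roles = [], set()

    for binding in policy.get("bindings", []):
        role = binding["role"]
        members = set(binding.get("members", []))
        if own in members:
            own_roles.add(role)
        for m in sorted(members & others):
            findings.append(f"other department {m} holds {role}")
        for m in sorted(members & PUBLIC):
            findings.append(f"public principal {m} holds {role}")

    if VIEWER not in own_roles:
        findings.append(f"{own} is missing {VIEWER}")
    for role in sorted(own_roles - {VIEWER}):
        findings.append(f"{own} holds extra role {role}")
    return findings


if __name__ == "__main__":
    groups = ["dept-finance@example.com", "dept-hr@example.com"]
    for line in audit_policy(SAMPLE_POLICY, "dept-finance@example.com", groups):
        print("FINDING:", line)
```
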