Your company is using Google Cloud.
You have two folders under the Organization: Finance and Shopping.
The members of the development team are in a Google Group.
The development team group has been assigned the Project Owner role on the Organization.
You want to prevent the development team from creating resources in projects in the Finance folder.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
https://cloud.google.com/resource-manager/docs/creating-managing-foldersThe correct answer is A. Assign the development team group the Project Viewer role on the Finance folder, and assign the development team group the Project Owner role on the Shopping folder.
Explanation:
In this scenario, you have an organization with two folders named Finance and Shopping. The development team group has been assigned the Project Owner role on the organization level, which gives them full permissions to create and manage resources in all projects within the organization. However, you want to prevent the development team from creating resources in projects within the Finance folder.
To achieve this, you can use Cloud Identity and Access Management (Cloud IAM) to assign the appropriate roles to the development team group on the Finance and Shopping folders.
Option A is the correct solution because it assigns the development team group the Project Viewer role on the Finance folder and the Project Owner role on the Shopping folder. By assigning the Project Viewer role on the Finance folder, the development team group can view resources in the Finance folder, but they cannot create or modify resources. This restriction ensures that the development team group cannot accidentally or intentionally create resources in the Finance folder.
Assigning the Project Owner role on the Shopping folder ensures that the development team group retains full permissions on all projects within the Shopping folder. Removing the development team group's Project Owner role from the organization (as suggested in option C) is not necessary and may have unintended consequences. Similarly, assigning only the Project Viewer role on the Finance folder (as suggested in option B) is not sufficient to prevent the development team from creating resources in the Finance folder.
Option D is not the correct solution because it assigns the development team group the Project Owner role on the Shopping folder but does not address the requirement to prevent the development team from creating resources in the Finance folder.