Google Cloud IAM Roles for Detailed Visibility of Projects in the Organization | Exam Question Answer

Google Cloud Identity and Access Management (Cloud IAM) Roles for Detailed Project Visibility

Question

Your customer is moving their corporate applications to Google Cloud Platform.

The security team wants detailed visibility of all projects in the organization.

You provision the Google Cloud Resource Manager and set yourself up as the org admin.

What Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?

Answers

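A. Org viewer, project owner
B. Org viewer, project viewer
C. Org admin, project browser
D. Project owner, network admin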

B.

The most appropriate Google Cloud IAM roles to give to the security team would be Org Viewer and Project Viewer, as option B suggests.

Explanation:

  1. Org Viewer role: The Org Viewer role is used for viewing all the resources in the organization, including the projects, folders, and the organization itself. This role is used for observing and monitoring the resources in the organization without making any changes to them. Since the security team wants detailed visibility of all projects in the organization, this role would provide them with the necessary access.

  2. Project Viewer role: The Project Viewer role is used for viewing all the resources in a particular project. This role provides read-only access to the resources in the project and does not allow any modifications. The security team would need this role to view the resources in each project, which would enable them to monitor the security posture of each project.

Option A (Org viewer, project owner) would give the security team too much access, as the Project Owner role allows creating and modifying resources in a project. This role should be given only to those who need to create and manage resources in a project.

Option C (Org admin, project browser) gives the security team too much power. The Org Admin role has broad permissions, including the ability to create and manage folders and projects. This role should be given only to a select few people who are responsible for managing the organization's resources.

Option D (Project owner, network admin) is also not appropriate because it would give the security team more access than they need. The Network Admin role is used for managing networking resources in a project, which is not a requirement for the security team.
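To check that a security team's grants match option B in practice, the following added example (not part of the original question or its answer) audits an organization IAM policy in the JSON shape printed by `gcloud organizations get-iam-policy ORG_ID --format=json`. The mapping from the role names in the question to IAM role IDs, the group address, and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumed mapping of the question's role names to IAM role IDs.
EXPECTED = {
    "roles/resourcemanager.organizationViewer",  # Org Viewer
    "roles/viewer",                              # Project Viewer
}
# Roles from options A, C and D that the explanation rejects as too broad.
TOO_BROAD = {
    "roles/owner",                               # Project Owner
    "roles/resourcemanager.organizationAdmin",   # Org Admin
    "roles/compute.networkAdmin",                # Network Admin
}


def audit_member(policy, member):
    """Compare the roles bound to `member` against the read-only pair."""
    held = {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }
    return {
        "missing": sorted(EXPECTED - held),
        "too_broad": sorted(held & TOO_BROAD),
        "unexpected": sorted(held - EXPECTED - TOO_BROAD),
    }


# Constructed sample policy (not real data): the group holds both viewer
# roles but was also added to a Project Owner binding.
SECURITY_TEAM = "group:security-team@example.com"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/resourcemanager.organizationViewer",
   "members": ["group:security-team@example.com"]},
  {"role": "roles/viewer",
   "members": ["group:security-team@example.com"]},
  {"role": "roles/owner",
   "members": ["user:admin@example.com", "group:security-team@example.com"]},
  {"role": "roles/resourcemanager.organizationAdmin",
   "members": ["user:admin@example.com"]}
]}
""")

if __name__ == "__main__":
    print(json.dumps(audit_member(SAMPLE_POLICY, SECURITY_TEAM), indent=2))
```

An empty result in all three lists means the member holds exactly the two read-only roles at the level the policy was read from.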