As a Cloud Engineer, you have developed an application on Google Cloud that leverages Cloud Spanner for its database requirements. To ensure smooth operations, your support team needs the ability to monitor the Cloud Spanner environment. However, it is crucial that they do not have access to the actual table data stored within Cloud Spanner. Your goal is to establish a streamlined solution that grants the appropriate permissions to your support team, adhering strictly to Google-recommended practices. What steps should you take to achieve this?