Your company utilizes an extensive array of Google Cloud services that are centralized within a single project, while each team maintains dedicated projects for testing and development purposes. The DevOps team requires access to all production services to effectively execute their responsibilities. To ensure that future updates or changes to Google Cloud products do not inadvertently expand their permissions, you aim to adhere to Google-recommended best practices. What steps should you take to achieve this?