Answer-first summary for fast verification
Answer: Create a custom role, and add all the required compute.disks.list and compute.images.list permissions as includedPermissions. Grant the custom role to the user at the project level.
The correct answer is A. You should create a custom role containing only the required permissions, which are compute.disks.list and compute.images.list, and grant this custom role to the user at the project level. This follows the principle of least privilege by ensuring the user only has the necessary permissions without granting excessive access.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
An external member of your team requires access to view both compute images and disks within a specific project. To ensure you adhere to Google-recommended practices for granting permissions, how should you proceed in providing the necessary access to this user?
A
Create a custom role, and add all the required compute.disks.list and compute.images.list permissions as includedPermissions. Grant the custom role to the user at the project level.
B
Create a custom role based on the Compute Image User role. Add the compute.disks.list to the includedPermissions field. Grant the custom role to the user at the project level.
C
Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.
D
Grant the Compute Storage Admin role at the project level.
No comments yet.