Answer-first summary for fast verification
Answer: Grant the basic role roles/viewer and the pre-defined role roles/compute.admin to the DevOps group.
The correct answer is A. By granting the roles/viewer and roles/compute.admin roles to the DevOps group, you provide them with read-only access to all resources in the project (roles/viewer) while giving them full control of Compute Engine resources (roles/compute.admin). This ensures that they cannot create or update any other resources in the project while having the necessary permissions to manage Compute Engine resources.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In your organization's development project, the DevOps team requires comprehensive management capabilities over Compute Engine resources, including creating, updating, and deleting Compute Engine instances and related configurations. However, it is crucial to ensure that their permissions are strictly limited to Compute Engine resources, and they must not have the ability to create or modify any other resources within the project. How would you configure their permissions to meet these requirements?
A
Grant the basic role roles/viewer and the pre-defined role roles/compute.admin to the DevOps group.
B
Create an IAM policy and grant all compute.instanceAdmin.* permissions to the policy. Attach the policy to the DevOps group.
C
Create a custom role at the folder level and grant all compute.instanceAdmin.* permissions to the role. Grant the custom role to the DevOps group.
D
Grant the basic role roles/editor to the DevOps group.
No comments yet.