Your company has a networking team responsible for managing all network resources and a development team that runs applications on Compute Engine instances containing sensitive data. The development team requires administrative permissions for Compute Engine to manage their applications but does not want the networking team to have access to the sensitive data on these instances. How can you structure your projects and assign roles to meet these requirements while maintaining proper role separation and data security?