Answer: In the Google Cloud console, create a custom IAM role with all clouddeploy.automations.* permissions and an allow policy for only the development delivery pipeline. Grant this IAM role to the development team.

To grant the development team access to only the development delivery pipeline while following Google-recommended practices, the best approach is to use IAM roles and policies that are as granular as possible. Option B suggests creating a custom IAM role with specific permissions for Cloud Deploy automations and applying an allow policy for only the development delivery pipeline. This approach adheres to the principle of least privilege by ensuring the team has access only to what they need. Option A is less ideal because it involves granting a broader role and then adding deny conditions, which can complicate permissions management. Option C and D involve applying roles directly to targets or pipelines via policy files, which may not be as flexible or as clearly aligned with Google's recommended practices for managing access with IAM roles.

Author: LeetQuiz Editorial Team