Explanation:
To grant team members the ability to export logs in Stackdriver Logging, the correct approach involves assigning the appropriate IAM roles that specifically allow for the management of log exports. Option A suggests granting the 'logging.configWriter' role, which is correct because this role provides the necessary permissions to create, update, and delete log sinks, which are essential for exporting logs. Option C is also correct because creating a custom IAM role with 'logging.sinks.list' and 'logging.sink.get' permissions would allow team members to view and manage log sinks, thereby enabling them to export logs. Options B and D are incorrect because Access Context Manager and Organizational Policies are not the right tools for granting permissions to export logs; they are more about defining access levels and enforcing organizational-wide policies, respectively.
Ultimate access to all questions.
To grant team members the ability to export logs from Stackdriver Logging for a managed application, what steps should you take?
A
Grant the team members the IAM role of logging.configWriter on Cloud IAM.
B
Configure Access Context Manager to allow only these members to export logs.
C
Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
D
Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
No comments yet.