Answer-first summary for fast verification
Answer: Grant the team members the IAM role of logging.configWriter on Cloud IAM., Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
To grant team members the ability to export logs in Stackdriver Logging, the correct approach involves assigning the appropriate IAM roles that specifically allow for the management of log exports. Option A suggests granting the 'logging.configWriter' role, which is correct because this role provides the necessary permissions to create, update, and delete log sinks, which are essential for exporting logs. Option C is also correct because creating a custom IAM role with 'logging.sinks.list' and 'logging.sink.get' permissions would allow team members to view and manage log sinks, thereby enabling them to export logs. Options B and D are incorrect because Access Context Manager and Organizational Policies are not the right tools for granting permissions to export logs; they are more about defining access levels and enforcing organizational-wide policies, respectively.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To grant team members the ability to export logs from Stackdriver Logging for a managed application, what steps should you take?
A
Grant the team members the IAM role of logging.configWriter on Cloud IAM.
B
Configure Access Context Manager to allow only these members to export logs.
C
Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
D
Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
No comments yet.