Answer-first summary for fast verification
Answer: Develop a custom role that includes only the essential permissions, following the principle of least privilege.
The correct approach is to create a custom role with only the necessary permissions, aligning with the principle of least privilege. This ensures that maintainers have just enough access to perform their duties without exposing the system to unnecessary risks. The Owner role provides excessive privileges and should be used sparingly. Assigning the three existing roles would grant more permissions than needed, violating least privilege. The concept of maximum privilege is not a recommended practice. For more details, refer to Google Cloud's security best practices: [Don't Get Pwned: Practicing the Principle of Least Privilege](https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your team is deploying a new data pipeline. The developers responsible for maintaining the pipeline require permissions from three distinct roles, which also include permissions not necessary for their tasks. According to Google Cloud's best practices, what would be your recommendation?
A
Assign the Owner role to simplify role management, despite its broad permissions.
B
Create a custom group encompassing all permissions from the three roles, adhering to the principle of maximum privilege.
C
Grant the three existing roles to the maintainers to reduce role management complexity, even if it includes unnecessary permissions.
D
Develop a custom role that includes only the essential permissions, following the principle of least privilege.