Answer-first summary for fast verification
Answer: Grant users the compute.imageUser role in the image creation Project to allow them to create instances from these images.
The correct approach is to assign the compute.imageUser role to users in the Project where the images are created, ensuring adherence to the principle of least privilege. Granting the compute.instanceAdmin role (options A and C) is overly permissive. Assigning roles in the users' respective Projects (options D) does not align with the best practice of managing permissions at the source. Reference: [Google Cloud Compute Images Best Practices](https://cloud.google.com/compute/docs/images/image-management-best-practices).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a scenario where your company manages multiple Google Projects, with one dedicated to automated Compute and Docker Image creation as part of the CI/CD pipeline, how would you grant users in developer, staging, and Production Projects access to these images for deployments, adhering to the principle of least privilege?
A
Grant users the compute.instanceAdmin role in their respective Projects to allow them to create instances from these images.
B
Grant users the compute.imageUser role in the image creation Project to allow them to create instances from these images.
C
Grant users the compute.instanceAdmin role in the image creation Project to allow them to create instances from these images.
D
Grant users the compute.imageUser role in their respective Projects to allow them to create instances from these images.
No comments yet.