Answer-first summary for fast verification
Answer: Assign the Logs Configuration Writer role to developers in the staging Project.
Option A is correct because the Logs Configuration Writer role provides the necessary permissions to create logs-based metrics without granting excessive privileges. Assigning this role at the project level ensures that developers only have access to the staging project's logs, adhering to the principle of least privilege. Options B and D are incorrect because assigning roles at the folder level would grant developers access to logs in the production project, which is unnecessary and violates the principle of least privilege. Option C is incorrect because the Logs Admin role is overly permissive for the task at hand. Reference: [Google Cloud Logging Documentation](https://cloud.google.com/logging/docs/logs-based-metrics).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are managing an application in Google Cloud Platform (GCP) that generates a significant amount of logs in the staging project. The company's GCP organization consists of two folders (dev and prod) and four projects (dev, test, staging, and production). The dev and test projects are located within the dev folder, while the staging and production projects are in the prod folder. The company aims to create metrics from these logs for alerting purposes, specifically for the mentioned application, adhering to the principle of least privilege. Which IAM solution best meets this requirement?
A
Assign the Logs Configuration Writer role to developers in the staging Project.
B
Assign the Logs Admin role to developers in the prod Folder.
C
Assign the Logs Admin role to developers in the staging Project.
D
Assign the Logs Configuration Writer role to developers in the prod Folder.
No comments yet.