You are managing an application in Google Cloud Platform (GCP) that generates a significant amount of logs in the staging project. The company's GCP organization consists of two folders (dev and prod) and four projects (dev, test, staging, and production). The dev and test projects are located within the dev folder, while the staging and production projects are in the prod folder. The company aims to create metrics from these logs for alerting purposes, specifically for the mentioned application, adhering to the principle of least privilege. Which IAM solution best meets this requirement?