Imagine you're overseeing an application within a Google Cloud Platform (GCP) organization that produces a significant volume of logs in the staging Project. The organization comprises two folders (dev and prod) and four projects (dev, test, staging, and production), with dev and test projects located in the dev folder, and staging and production projects in the prod folder. The goal is to create metrics from these logs for alerting purposes, specifically for this application, while adhering to the principle of least privilege. Which IAM solution best meets this requirement?