Answer-first summary for fast verification
Answer: Assign the compute.imageUser role to users in the Project where the images are created, enabling them to create instances from these images.
The correct approach is to assign the compute.imageUser role to users in the Project where the images are created. This role is specifically designed for this purpose and adheres to the principle of least privilege. The other options either grant excessive permissions (compute.instanceAdmin) or assign the role in the wrong context (users' Projects instead of the image creation Project). Refer to Image management best practices for further details.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company operates multiple Google Projects, including one dedicated to automated Compute and Docker Image creation as part of the CI/CD pipeline. Developers, staging, and production teams need access to these images for deployments. Adhering to the principle of least privilege, which IAM role should you assign to these users to facilitate this access?
A
Grant users the compute.instanceAdmin role in their respective Projects to allow them to create instances from these images.
B
Assign the compute.imageUser role to users in the Project where the images are created, enabling them to create instances from these images.
C
Provide users with the compute.instanceAdmin role in the image creation Project to permit instance creation from these images.
D
Enable users to create instances from these images by granting them the compute.imageUser role in their different Projects.
No comments yet.