You are overseeing an application that produces a significant volume of logs within the staging Project. The organization is structured within GCP with an organization, two folders (dev and prod), and four projects (dev, test, staging, and production). The dev and test projects reside under the dev folder, while staging and production are under the prod folder. The goal is to create metrics from these logs for alerting purposes specifically for this application, adhering to the principle of least privilege. Which IAM solution best meets this requirement?