Answer-first summary for fast verification
Answer: Assign the user the `roles/iam.serviceAccountAdmin` role.
The `roles/iam.serviceAccountAdmin` role is the most appropriate choice as it provides the necessary permissions to manage all service accounts for Google Cloud Projects without granting excessive privileges. This role allows the user to create, update, and delete service accounts, as well as manage IAM policies for these accounts. Other roles either provide too broad permissions (`roles/iam.roleAdmin`), lack the ability to manage service accounts (`roles/iam.securityAdmin`), or only allow the use of service accounts without management capabilities (`roles/iam.serviceAccountUser`). For more details, refer to [Google Cloud IAM documentation](https://cloud.google.com/iam/docs/creating-managing-service-accounts).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As the Owner of a rapidly expanding financial services startup, you've recently onboarded a team member to oversee all service accounts for Google Cloud Projects. What is the least privileged role you should assign to this individual to enable them to fulfill their responsibilities effectively?
A
Assign the user the roles/iam.securityAdmin role.
B
Assign the user the roles/iam.serviceAccountUser role.
C
Assign the user the roles/iam.roleAdmin role.
D
Assign the user the roles/iam.serviceAccountAdmin role.
No comments yet.