Explanation:
Option A is not the best practice because it involves assigning roles directly to users instead of using groups, and the roles/browser role only allows viewing and browsing resources without access to the full hierarchical structure. Option B is incorrect as the roles/iam.roleViewer role permits viewing IAM policies, not the project hierarchy. Option C is correct because it follows Google's recommended practice of using groups for permission management, and the roles/browser role grants the necessary access to browse the hierarchy, including folders, organization, and IAM policy, without viewing project resources. Option D is incorrect for the same reason as B, as it does not provide access to the hierarchical structure. For more details, refer to Google Cloud IAM documentation.
Ultimate access to all questions.
No comments yet.
Your company extensively uses Google Cloud Platform for all its government-related projects, which are organized in a complex hierarchical structure with hundreds of folders and projects. Only the Cloud Governance team is permitted to view the entire hierarchical structure. According to Google-recommended practices, what is the minimum permission required for the Governance team to perform their duties effectively?
A
Assign the users directly to the roles/browser role.
B
Assign the users directly to the roles/iam.roleViewer role.
C
D