Answer-first summary for fast verification
Answer: roles/storage.objectCreator
The correct answer is **C** because the `roles/storage.objectCreator` role permits users to create objects in Cloud Storage buckets without the ability to view, delete, or overwrite existing objects, aligning with the principle of least privilege. - **Option A** (`roles/storage.objectViewer`) is incorrect as it only allows viewing objects, not creating them. - **Options B & D** (`roles/storage.admin` and `roles/storage.objectAdmin`) are incorrect because they grant more permissions than necessary for the task of uploading objects. For more details, refer to the [GCP documentation on Cloud Storage IAM Roles](https://cloud.google.com/storage/docs/access-control/iam-roles).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
To adhere to the principle of least privilege, which role should be assigned to team members for uploading objects to Cloud Storage buckets without granting unnecessary permissions?
A
roles/storage.objectViewer
B
roles/storage.admin
C
roles/storage.objectCreator
D
roles/storage.objectAdmin