To adhere to the principle of least privilege, which role should be assigned to team members for uploading objects to Cloud Storage buckets without granting unnecessary permissions?
Explanation:
The correct answer is C because the roles/storage.objectCreator role permits users to create objects in Cloud Storage buckets without the ability to view, delete, or overwrite existing objects, aligning with the principle of least privilege.
roles/storage.objectViewer is incorrect as it only allows viewing objects, not creating them.
roles/storage.admin and roles/storage.objectAdmin are incorrect because they grant more permissions than necessary for the task of uploading objects.
For more details, refer to the GCP documentation on Cloud Storage IAM Roles.