To adhere to the principle of least privilege, which Google Cloud Storage role should be assigned to team members who need to manage files and buckets, without granting unnecessary permissions?

Real Exam

Explanation:

The principle of least privilege suggests granting only the permissions necessary to perform a task. For managing files and buckets in Cloud Storage:

roles/storage.objectCreator allows creating objects but not managing them.
roles/storage.admin provides full control over Cloud Storage, which is more than needed.
roles/storage.objectAdmin offers the right balance, allowing management of objects without broader project permissions.
roles/owner grants full project control, far exceeding the required permissions.

Thus, roles/storage.objectAdmin is the most suitable role for this scenario.

Powered ByGPT-5

Google Associate Cloud Engineer