Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
In a project with two compliance requirements, the first requires developers to view Google Cloud Platform billing charges only for their projects. The second requires finance team members to set budgets and view charges for all projects without accessing project contents. How should permissions be set?
In a project with two compliance requirements, the first requires developers to view Google Cloud Platform billing charges only for their projects. The second requires finance team members to set budgets and view charges for all projects without accessing project contents. How should permissions be set?
Real Exam
Explanation:
The correct answer is A because it meets both requirements: finance team members can set budgets without viewing project contents, and developers can only view billing charges for their projects, adhering to the principle of least privilege. The Billing Administrator role allows budget management, while the Viewer role permits charge viewing.
- Option B is incorrect due to GCP's recommendation against using primitive roles and custom roles when predefined roles suffice.
- Option C is incorrect as the Viewer role does not grant the finance team the ability to set budgets.
- Option D is incorrect for the same reason as Option C, and the Security Reviewer role is unnecessary for developers' needs.