Answer-first summary for fast verification
Answer: Add the finance team members to the Billing Administrator role for each billing account they manage. Add developers to the Viewer role for the Project.
The correct answer is **A** because it meets both requirements: finance team members can set budgets without viewing project contents, and developers can only view billing charges for their projects, adhering to the principle of least privilege. The Billing Administrator role allows budget management, while the Viewer role permits charge viewing. - **Option B** is incorrect due to GCP's recommendation against using primitive roles and custom roles when predefined roles suffice. - **Option C** is incorrect as the Viewer role does not grant the finance team the ability to set budgets. - **Option D** is incorrect for the same reason as Option C, and the Security Reviewer role is unnecessary for developers' needs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a project with two compliance requirements, the first requires developers to view Google Cloud Platform billing charges only for their projects. The second requires finance team members to set budgets and view charges for all projects without accessing project contents. How should permissions be set?
A
Add the finance team members to the Billing Administrator role for each billing account they manage. Add developers to the Viewer role for the Project.
B
Add the finance team members to the default IAM Owner role. Add developers to a custom role allowing them to see only their own spend.
C
Add both developers and finance managers to the Viewer role for the Project.
D
Add the finance team to the Viewer role for the Project. Add developers to the Security Reviewer role for each billing account.
No comments yet.