Answer-first summary for fast verification
Answer: Assign the finance team to the Billing Account Administrator role for relevant billing accounts and developers to the Viewer role for the Project.
The correct answer is to assign the finance team to the Billing Account Administrator role for each billing account they manage and developers to the Viewer role for the Project. This setup allows the finance team to manage budgets and view charges without accessing project resources, while developers can view their project's billing charges and resources. The Billing Account Administrator role is essential for managing billing accounts, including setting budgets and viewing cost information. The Viewer role provides developers with read-only access to project resources and billing charges, aligning with the requirements. Other options either grant excessive permissions or fail to meet the specified needs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company manages multiple GCP projects, each overseen by its respective team. Recently, the combined expenditure across all projects has surpassed the operational budget. A decision was made to allow the finance team to set budgets and monitor charges for all projects without accessing project resources, while developers should only see billing charges and resources for their own projects. Following Google's recommended practices for IAM roles and permissions, what is the best course of action?
A
Grant the finance team the Viewer role for the Project and assign developers to the Security Reviewer role for each billing account.
B
Include both developers and finance managers in the Viewer role for the Project.
C
Assign the finance team to the Billing Account Administrator role for relevant billing accounts and developers to the Viewer role for the Project.
D
Provide the finance team with the default IAM Owner role and create a custom role for developers to view their own project spend.
No comments yet.