Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
Your company manages multiple GCP projects, each overseen by its respective team. Recently, the combined expenditure across all projects has surpassed the operational budget. A decision was made to allow the finance team to set budgets and monitor charges for all projects without accessing project resources, while developers should only see billing charges and resources for their own projects. Following Google's recommended practices for IAM roles and permissions, what is the best course of action?
Explanation:
The correct answer is to assign the finance team to the Billing Account Administrator role for each billing account they manage and developers to the Viewer role for the Project. This setup allows the finance team to manage budgets and view charges without accessing project resources, while developers can view their project's billing charges and resources. The Billing Account Administrator role is essential for managing billing accounts, including setting budgets and viewing cost information. The Viewer role provides developers with read-only access to project resources and billing charges, aligning with the requirements. Other options either grant excessive permissions or fail to meet the specified needs.