Your company is transitioning all corporate applications to Google Cloud Platform. The security team requires comprehensive visibility into all GCP projects within the organization. After provisioning the Google Cloud Resource Manager and setting yourself as the org admin, which Google Cloud Identity and Access Management (Cloud IAM) roles should you assign to the security team?
Explanation:
The security team needs detailed visibility into all GCP projects in the organization, meaning they should be able to view all projects and resources within these projects. The correct roles to grant are roles/resourcemanager.organizationViewer and roles/viewer. The roles/resourcemanager.organizationViewer role allows viewing the organization in the Cloud Console, while roles/viewer permits viewing existing resources or data. Together, these roles enable the security team to view the organization, including all projects and folders, as well as all resources within the projects. Other options either provide excessive permissions or do not meet the requirement for detailed visibility.