Answer-first summary for fast verification
Answer: 1. Use the Compute Image User role as the base for a custom role and add the compute.disks.list to the includedPermissions field. 2. Grant the custom role to the user at the project level.
Option D is correct because it involves creating a custom role based on the Compute Image User role and adding the compute.disks.list permission to the includedPermissions field. This approach grants the external team member the precise permissions they need without providing unnecessary access, adhering to the principle of least privilege. Options A and C are incorrect as they either involve more permissions than necessary or manual addition of permissions, which may not follow Google-recommended practices. Option B is incorrect because granting the Compute Storage Admin role provides broader permissions than required for list access to compute images and disks, violating the least privilege principle. For more details, refer to [Google's documentation on creating custom roles](https://cloud.google.com/iam/docs/creating-custom-roles).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
As the person in charge of managing access requests for your GCP projects, you need to grant an external team member access to compute images and disks within one of your projects. What is the Google-recommended approach to achieve this?
A
B
Grant the Compute Storage Admin role at the project level.
C
D