Explanation:
The correct answer is C because the built-in project viewer role provides the auditor with read-only access to all project resources, which is exactly what they need to perform their audit without the risk of making any modifications. Options A and D are incorrect because the service viewer role does not provide project-wide view access, and creating custom roles is unnecessary when predefined roles meet the requirements. Option B is incorrect because it suggests creating a custom role with view-only project permissions, which is redundant since the built-in project viewer role already fulfills this need. For more information, refer to the GCP IAM documentation.
Ultimate access to all questions.
Your organization has engaged a third-party company to conduct an audit on Google Cloud Platform (GCP) resources. The auditor, provided with a GSuite ID by your organization, requires read-only access to all project items to fulfill their duties. What is the most appropriate way to configure the auditor's permissions?
A
Assign the auditor with the built-in service viewer role.
B
Create a custom role with view-only project permissions and assign it to the auditor.
C
Assign the auditor with the built-in project viewer role.
D
Create a custom role with view-only service permissions and assign it to the auditor.
No comments yet.