Answer-first summary for fast verification
Answer: Create a group for your SRE team and provide roles/accessapproval.approver role to the group.
The correct approach is to create a group for your SRE team and assign the roles/accessapproval.approver role to the group. This method adheres to the principle of least privilege by not granting unnecessary administrative rights (options B and D) and ensures that the approval process is managed collectively by the team (option C is incorrect because it assigns the role directly to individuals, bypassing group oversight). This strategy enhances security and compliance by involving multiple team members in the approval process, thereby mitigating risks associated with single points of failure or potential misuse of privileges. For more details, refer to the [Google Cloud Access Approval documentation](https://cloud.google.com/access-approval/docs/quickstart).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As the newly appointed head of the SRE team at a finance-based company, you've established strict access policies for Google Cloud Projects due to the sensitive nature of your data. Your SRE engineers occasionally need to open support cases with the Google Cloud Support team and require the ability to approve these requests. What is the Google recommended approach for enabling this?
A
Create a group for your SRE team and provide roles/accessapproval.approver role to the group.
B
Provide roles/iam.roleAdmin role to your SREs.
C
Provide roles/accessapproval.approver role to your SREs.
D
Create a group for your SRE team and provide roles/iam.roleAdmin.role to the group.
No comments yet.