At a large analytics company providing machine-learning services, the DevOps team requires access to all production services across multiple GCP projects to perform their duties efficiently. The goal is to grant them permissions without unnecessarily broadening their access due to future Google Cloud product changes. What is the Google-recommended practice for this scenario? | Google Associate Cloud Engineer Quiz