Your company’s image tagging application is hosted on Google Cloud Platform (GCP). A new team within your organization has requested both view and edit access to an existing Cloud Spanner instance. What is the recommended best practice to grant such access?