Your team needs to take over management of a Cloud Identity domain containing hundreds of projects that was created by a business unit. Which role should your team be granted to manage permissions and audit resources across the entire domain?