Google Professional Cloud Security Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A Google Cloud organization has a single organization node with a folder named "Apps" containing multiple projects. The organization policy constraints/iam.allowedPolicyMemberDomains is set at the organization level, allowing only members from the terramearth.com domain. The "Apps" folder enforces the same organization policy but allows only members from the flowlogistic.com domain, and this policy has the inheritFromParent property set to false.
You attempt to grant access to a project within the "Apps" folder to the user testuser@terramearth.com.
What is the result of this action and why?