Which type of access should your team grant to meet this requirement?

A business unit at a multinational corporation signs up for GCP and starts moving workloads into GCP. The business unit creates a Cloud Identity domain with an organizational resource that has hundreds of projects.

Your team becomes aware of this and wants to take over managing permissions and auditing the domain resources.

Which type of access should your team grant to meet this requirement?
A. Organization Administrator
B. Security Reviewer
C. Organization Role Administrator
D. Organization Policy Administrator

Answer: C

Explanation:

Here are the permissions available to organizationRoleAdmin:

iam.roles.create
iam.roles.delete
iam.roles.undelete
iam.roles.get
iam.roles.list
iam.roles.update
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy

These are sufficient as per the least privilege policy. You can do user management as well as auditing. Reference: https://cloud.google.com/iam/docs/understanding-custom-roles
