As your organization expands its usage of GCP, many teams have started to create their own projects. Projects are further multiplied to accommodate different stages of deployments and target audiences. Each project requires unique access control configurations. The central IT team needs to have access to all projects. Furthermore, data from Cloud Storage buckets and BigQuery datasets must be shared for use in other projects in an ad hoc way. You want to simplify access control management by minimizing the number of policies. Which two steps should you take? Choose 2 answers.
A. Use Cloud Deployment Manager to automate access provision.
B. Introduce resource hierarchy to leverage access control policy inheritance.
C. Create distinct groups for various teams, and specify groups in Cloud IAM policies.
D. Only use service accounts when sharing data for Cloud Storage buckets and BigQuery datasets.
E. For each Cloud Storage bucket or BigQuery dataset, decide which projects need access. Find all the active members who have access to these projects, and create a Cloud IAM policy to grant access to all these users.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
Answer is BC.
It doesn’t mean it’s right, please mention the reasons here not only the references.
Not A -> Every project has unique requirements, so “A” automation will not do much.
Not D -> As, Service accounts for computer to computer interactions not applications!
Not E -> E should create complex policies
B & C, resource hierarchy and group emails can be used to have a simple policy to extend access to bq datasets and gcs buckets in an ad hoc way
B and C