A support engineer occasionally needs to investigate errors by examining application log entries in Cloud Logging for a single project. They must not be able to list Cloud Storage objects, start or stop VMs, or view audit logs. Which single IAM role should you grant to satisfy the requirement with the principle of least privilege?
Grant the basic Viewer role (roles/viewer) at the project level.
Grant the Logs Viewer predefined role (roles/logging.viewer) at the project level.
Grant the Logs Private Viewer role (roles/logging.privateLogViewer) at the project level.
Grant the Monitoring Viewer role (roles/monitoring.viewer) at the project level.
The Logs Viewer predefined role (roles/logging.viewer) grants read-only access to application logs and log buckets but does not include permissions to view private audit logs or interact with other Google Cloud resources like Storage or Compute Engine. Granting the basic Viewer role would allow read access to almost every service in the project, which violates least-privilege. The Logs Private Viewer role adds the ability to read private (audit/system) logs that the engineer does not need. The Monitoring Viewer role only covers Cloud Monitoring assets and does not allow reading logs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the Logs Viewer IAM role?
Open an interactive chat with Bash
Why shouldn't the Viewer role be used in this scenario?
Open an interactive chat with Bash
What is the difference between Logs Private Viewer and Logs Viewer roles?
Open an interactive chat with Bash
What is the principle of least privilege in IAM?
Open an interactive chat with Bash
What is the difference between the Logs Viewer and Logs Private Viewer roles?
Open an interactive chat with Bash
What are audit logs in Cloud Logging, and why restrict access to them?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .