You are asked to link an existing Google Cloud project called finance-prod to your company's centralized billing account. When you attempt this in the Cloud Console, the Link project button is disabled. Your identity currently has the Billing Account Viewer role on the billing account and the Viewer role on the project. Which combination of additional IAM roles will give you the minimum permissions required to complete the link without granting unnecessary broader access?
Assign Editor on the finance-prod project; no additional role is needed on the billing account.
Assign Billing Account User on the billing account and Project Billing Manager on the finance-prod project.
Assign Billing Account Administrator on the billing account and Viewer on the finance-prod project.
Assign Owner on the finance-prod project and Billing Account Viewer on the billing account.
Linking a project to a billing account requires permissions on two separate resources:
Billing account - you need the billing.accounts.get and billing.accounts.update permissions, which are included in the Billing Account User role (roles/billing.user).
Project - you need the resourcemanager.projects.updateBillingInfo permission, provided by the Project Billing Manager role (roles/resourcemanager.projectBillingManager).
Granting Billing Account User on the billing account plus Project Billing Manager on the project satisfies these requirements and follows the principle of least privilege. Billing Account Administrator or Owner roles would also work but grant unnecessary additional permissions. Similarly, granting Editor on the project is broader than needed.
Therefore, selecting Billing Account User for the billing account together with Project Billing Manager for the project is the correct and most restrictive solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege in IAM?
Open an interactive chat with Bash
What is the difference between Billing Account User and Billing Account Administrator?
Open an interactive chat with Bash
What does the Project Billing Manager role allow you to do?
Open an interactive chat with Bash
What are the responsibilities of the Billing Account User role in Google Cloud?
Open an interactive chat with Bash
What permissions does the Project Billing Manager role provide in Google Cloud?
Open an interactive chat with Bash
Why is it important to follow the principle of least privilege when assigning IAM roles in Google Cloud?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .