You are configuring IAM bindings for a new Google Cloud project. Compliance says that every employee who currently has a Google Workspace account ending with @acme-corp.com must have the Viewer role, but new hires will be onboarded through a different IT process and do not need to receive the role automatically. Which principal identifier best limits the Viewer role to only the existing set of employees while avoiding external domains?
A Google Group principal covers exactly the users who are added to that group and does not automatically include future Workspace users. By granting the Viewer role to group:[email protected], you satisfy the requirement to include only the current employees and can add future hires later if needed. The domain principal would auto-grant to all current and future users in the domain, which is not desired. The wildcard user:*@acme-corp.com is invalid syntax, and allAuthenticatedUsers would grant access to any Google-authenticated user worldwide.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is principal identifier in Google Cloud IAM?
Open an interactive chat with Bash
Why is a Google Group considered more restrictive than a domain identifier in IAM?
Open an interactive chat with Bash
What is the difference between 'allAuthenticatedUsers' and 'user:*@domain.com' in IAM?
Open an interactive chat with Bash
What is a Google IAM binding?
Open an interactive chat with Bash
Why is using a Google Group better than a domain principal in this scenario?
Open an interactive chat with Bash
What would happen if 'allAuthenticatedUsers' was used for the Viewer role?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .