Your company just created a new Google Cloud project. A Google Group of developers must be able to create, update, and delete most resources in the project, such as Compute Engine instances and Cloud Storage buckets. However, the security team requires that the group must not be able to modify IAM policies, link or unlink billing accounts, or delete the project. To satisfy these constraints with a single primitive IAM role and follow least-privilege principles, which role should you grant to the group?
No primitive role satisfies these requirements; you must create a custom role
The Editor primitive role grants broad read-write access to nearly all resources in a project, so the developers can create, update, and delete Compute Engine instances, Cloud Storage buckets, and other resources. Editor does not include permissions such as resourcemanager.projects.setIamPolicy (modify IAM policies), resourcemanager.projects.delete (delete the project), or billing.projectManager (link or unlink billing accounts). Therefore, it meets the security team's constraints better than the Owner role, which is overly permissive. Viewer is read-only and would not let developers modify resources, and a custom role is unnecessary because the Editor role already satisfies the requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are primitive IAM roles in Google Cloud?
Open an interactive chat with Bash
How does the Editor role differ from the Owner role in Google Cloud IAM?
Open an interactive chat with Bash
What does least-privilege access mean in Google Cloud IAM?
Open an interactive chat with Bash
What is the Editor role in GCP?
Open an interactive chat with Bash
How does the Editor role follow least-privilege principles?
Open an interactive chat with Bash
Why is a custom IAM role not necessary in this case?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .