Your company's compliance auditor has been added to a Google Cloud project. The auditor must be able to read all Cloud Logging entries across every service in the project but must not view objects in Cloud Storage, query BigQuery tables, or modify any resources. Which IAM role should you grant to the auditor to meet these requirements while following the principle of least privilege?
Grant the basic Viewer role (roles/viewer) at the project level.
Create a custom role containing only logging read permissions and grant it at the project level.
Grant the predefined Logging Viewer role (roles/logging.viewer) at the project level.
Grant the predefined Logging Admin role (roles/logging.admin) at the project level.
The Logging Viewer predefined role (roles/logging.viewer) provides read-only access to Cloud Logging entries and metadata for the entire project. It does not include permissions to access data stored in other services such as Cloud Storage or BigQuery, nor does it allow configuration changes. The basic Viewer role would allow the auditor to read data in many other services, making it overly permissive. Logging Admin adds write and configuration permissions that are not required. Creating a custom role is unnecessary because an appropriate predefined role already exists and is automatically kept up to date by Google.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Cloud Logging entries in Google Cloud?
Open an interactive chat with Bash
What is the principle of least privilege in IAM roles?
Open an interactive chat with Bash
What are predefined roles in Google Cloud IAM?
Open an interactive chat with Bash
What is the Logging Viewer role in GCP?
Open an interactive chat with Bash
What is the principle of least privilege in IAM roles?
Open an interactive chat with Bash
How do predefined IAM roles differ from custom IAM roles in GCP?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Configuring access and security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .