Your organization has separate Production and Development folders. Production enforces restrictive IAM roles and multiple Organization Policy constraints. You are onboarding two projects from an acquired startup. The projects must not inherit Production's folder-level policies, yet central security administrators still need visibility and must apply a limited set of mandatory constraints. Which resource-hierarchy design meets these requirements?
Leave the projects at the Organization root and attach labels that exempt them from policies applied in the Production folder.
Place the projects inside the existing Development folder and use conditional IAM to prevent inheritance from the Production folder.
Register a separate Cloud Identity account, create a new Organization for the startup, and move the projects into that Organization.
Create a new folder at the root of the Organization for the startup, move the projects into that folder, and apply only the necessary security constraints there.
Creating a new folder directly under the Organization node keeps the projects within the same Organization, so Organization-level IAM roles and mandatory constraints still apply for central administrators. Because the new folder is a peer, not a child, of the Production folder, none of Production's IAM bindings or Organization Policy constraints are inherited. You can then attach only the required constraints to the new folder.
Moving the projects to a separate Organization would remove visibility for existing administrators. Labels do not affect IAM or Organization Policy inheritance, so leaving the projects at the root would not isolate them from Production's policies. Conditional IAM cannot block inherited permissions, so placing the projects in the Development folder would not prevent Production's policies from applying.
GCP Associate Cloud Engineer
Setting up a cloud solution environment