An enterprise with distinct departments needs to ensure managed, independent access to their cloud resources within a shared environment. The configuration should enable department-specific resource management and enforce the least privilege access principle. As a solutions architect, which option would you recommend to achieve this goal?
Utilize a central governance mechanism to broadly restrict services accessible by each department without individualized access controls.
Create separate user accounts with individualized permissions tailored to each member's role in the enterprise to manage resource access manually.
Set up groups corresponding to the enterprise's internal structure with attached permissions, ensuring each group's access is limited to resources necessary for their operations.
Implement role-switching for different teams to grant them temporary access to other departments' resources when required.