Google Cloud Associate Cloud Engineer — Question 197

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company’s security policy also restricts developer permissions to Compute Engine, Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

Answer options

• A. • Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization. • Copy the role across all projects created within the organization with the gcloud iam roles copy command. • Assign the role to developers in those projects.
• B. • Add all developers to a Google group in Google Groups for Workspace. • Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.
• C. • Add all developers to a Google group in Cloud Identity. • Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.
• D. • Add all developers to a Google group in Cloud Identity. • Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level. • Assign the custom role to the Google group.

Correct answer: D

Explanation

The correct answer is D because it creates a custom role at the organizational level, ensuring consistent permissions across all projects with minimal management overhead. Option A involves copying roles which can be cumbersome, while option B assigns a broader role that may exceed necessary permissions. Option C requires separate assignments for each project, increasing administrative effort.