Google Cloud Associate Cloud Engineer — Question 88

Your organization uses G Suite for communication and collaboration. All users in your organization have a G Suite account. You want to grant some G Suite users access to your Cloud Platform project. What should you do?

Answer options

• A. Enable Cloud Identity in the GCP Console for your domain.
• B. Grant them the required IAM roles using their G Suite email address.
• C. Create a CSV sheet with all users' email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.
• D. In the G Suite console, add the users to a special group called[email protected]. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

Correct answer: B

Explanation

The correct answer is B because assigning IAM roles to users using their G Suite email addresses directly grants them the necessary permissions to access the Cloud Platform project. Option A is incorrect as enabling Cloud Identity does not automatically grant project access. Option C is not valid since converting email addresses into accounts is not needed for G Suite users. Option D relies on group membership but does not explicitly assign roles, which is essential for access control.