Google Cloud Professional Cloud Architect — Question 165

You are responsible for the Google Cloud environment in your company. Multiple departments need access to their own projects, and the members within each department will have the same project responsibilities. You want to structure your Google Cloud environment for minimal maintenance and maximum overview of
IAM permissions as each department's projects start and end. You want to follow Google-recommended practices. What should you do?

Answer options

• A. Grant all department members the required IAM permissions for their respective projects.
• B. Create a Google Group per department and add all department members to their respective groups. Create a folder per department and grant the respective group the required IAM permissions at the folder level. Add the projects under the respective folders.
• C. Create a folder per department and grant the respective members of the department the required IAM permissions at the folder level. Structure all projects for each department under the respective folders.
• D. Create a Google Group per department and add all department members to their respective groups. Grant each group the required IAM permissions for their respective projects.

Correct answer: B

Explanation

Option B is correct because it follows Google-recommended practices by using Google Groups for IAM management, allowing for easier permission management at the folder level. Option A is less efficient as it grants permissions individually instead of using groups, leading to higher maintenance. Option C does not leverage groups for permissions, making management cumbersome. Option D, while using groups, assigns permissions at the project level rather than the more efficient folder level.