Google Cloud Professional Cloud Developer — Question 12

Your code is running on Cloud Functions in project A. It is supposed to write an object in a Cloud Storage bucket owned by project B. However, the write call is failing with the error "403 Forbidden".
What should you do to correct the problem?

Answer options

• A. Grant your user account the roles/storage.objectCreator role for the Cloud Storage bucket.
• B. Grant your user account the roles/iam.serviceAccountUser role for the[email protected]service account.
• C. Grant the[email protected]service account the roles/storage.objectCreator role for the Cloud Storage bucket.
• D. Enable the Cloud Storage API in project B.

Correct answer: C

Explanation

The correct answer is C because the service account used by Cloud Functions needs the roles/storage.objectCreator role in order to write to the Cloud Storage bucket of project B. The other options do not address the permissions required for the service account itself, which is essential for this cross-project access.