Google Cloud Professional Cloud DevOps Engineer — Question 185

Your company uses Cloud Deploy with multiple delivery pipelines for deploying applications to different environments. Your development team currently lacks access to any of these pipelines. You need to grant the team access to only the development delivery pipeline, while following Google-recommended practices. What should you do?

Answer options

• A. In the Google Cloud console, grant the development team the roles/clouddeploy.operator role. Add deny conditions to all pipelines other than the development delivery pipeline.
• B. In the Google Cloud console, create a custom IAM role with all clouddeploy.automations.* permissions and an allow policy for only the development delivery pipeline. Grant this IAM role to the development team.
• C. Grant the development team the roles/clouddeploy.operator role in a policy file. Apply the policy file to the development target.
• D. Grant the development team the roles/clouddeploy.developer role in a policy file. Apply this policy file to the development delivery pipeline.

Correct answer: D

Explanation

The correct answer is D because granting the roles/clouddeploy.developer role provides the necessary permissions for the development team to work on the development delivery pipeline. Option A is incorrect as deny conditions can complicate access management and may inadvertently restrict access further. Option B is not ideal since creating a custom IAM role may introduce unnecessary complexity, and Option C does not provide the appropriate level of access needed for development tasks.