An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?
Yeah, that makes sense. We don't want to give the user more access than they actually require. Gotta keep that principle of least privilege in mind, you know?
Ah, I see what you mean. Option D sounds like the best choice then - create a custom role based on Compute Storage Admin, but remove any extra permissions that the external user doesn't need.
I agree, a custom role is the way to go. But I'm not sure if we should be adding all the compute.disks.list and compute.images.list permissions. Maybe we can base it on an existing role and then exclude any unnecessary permissions?
Hmm, this seems like a tricky question. We need to follow the Google-recommended practices, so I think the best approach is to create a custom role with the specific permissions required, rather than just granting a broad admin role.
upvoted 0 times
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Xochitl
8 months agoMalcom
8 months agoElbert
8 months agoAlease
8 months ago