Topic 1 Question 211
An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?
A. Create a custom role, and add all the required compute.disks.list and compute.images.list permissions as includedPermissions. Grant the custom role to the user at the project level.
B. Create a custom role based on the Compute Image User role. Add the compute.disks.list to the includedPermissions field. Grant the custom role to the user at the project level.
C. Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.
D. Grant the Compute Storage Admin role at the project level.
Comments (11)
- Selected answer: B
Option B allows you to create a custom role that is based on the existing Compute Image User role, which already includes the necessary permissions for accessing compute images. Then, you add the compute.disks.list permission to the custom role's includedPermissions field to grant the user list access to compute disks as well. This ensures that the user has precisely the permissions needed for their specific tasks and nothing more, following the principle of least privilege.
👍 4 shreykul 2023/07/23
- Selected answer: A
You can't give B because Image user will be able to use the image to create resources. Only give list access.
👍 3 rahulrauki 2023/09/26
- Selected answer: C
Tried this, could not find those permissions when I tried to create a custom role directly; you need to create it from the role.
👍 2 FJ82 2023/07/18