Topic 1 Question 42
Your code is running on Cloud Functions in project A. It is supposed to write an object in a Cloud Storage bucket owned by project B. However, the write call is failing with the error "403 Forbidden". What should you do to correct the problem?
A. Grant your user account the roles/storage.objectCreator role for the Cloud Storage bucket.
B. Grant your user account the roles/iam.serviceAccountUser role for the [email protected] service account.
C. Grant the [email protected] service account the roles/storage.objectCreator role for the Cloud Storage bucket.
D. Enable the Cloud Storage API in project B.
Comments (9)
The answer is C: the default service account used by cloud function is [email protected] (cf. https://cloud.google.com/functions/docs/concepts/iam#troubleshooting_permission_errors)
👍 17 [Removed] 2020/06/11

Seems there is no correct answer here... The correct answer should be to add the service account used by the cloud function as a member of the target bucket with the roles/storage.objectCreator role.
👍 3 emmet 2020/06/10

https://cloud.google.com/functions/docs/troubleshooting: "The Cloud Functions service uses the Cloud Functions Service Agent service account (service-<PROJECT_NUMBER>@gcf-admin-robot.iam.gserviceaccount.com) when performing administrative actions on your project. By default this account is assigned the Cloud Functions cloudfunctions.serviceAgent role. This role is required for Cloud Pub/Sub, IAM, Cloud Storage and Firebase integrations. If you have changed the role for this service account, deployment fails."
Answer is C
👍 3 syu31svc 2021/07/02