Topic 1 Question 42
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
A. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
B. Configure Access Context Manager to allow only these members to export logs.
C. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
D. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
Comments (16)
option A
👍 24 rinkeshgala1 2021/06/06
It should be C. Least privilege.
The question asks about exporting logs and does not mention reading and writing logs. Option A gives too many permissions. Logs Configuration Writer (roles/logging.configWriter): Provides permissions to read and write the configurations of logs-based metrics and sinks for exporting logs.
logging.buckets.create logging.buckets.delete logging.buckets.get logging.buckets.list logging.buckets.undelete logging.buckets.update logging.cmekSettings.* logging.exclusions.* logging.locations.* logging.logMetrics.* logging.logServiceIndexes.* logging.logServices.* logging.logs.list logging.notificationRules.* logging.operations.* logging.sinks.* logging.views.create logging.views.delete logging.views.get logging.views.list logging.views.update resourcemanager.projects.get resourcemanager.projects.list
👍 6 Manh 2021/11/10
A is correct
Logs Configuration Writer (roles/logging.configWriter)
- Provides permissions to read and write the configurations of logs-based metrics and sinks for exporting logs. https://cloud.google.com/logging/docs/access-control
👍 4 sticky 2021/09/30