Free Preparation Discussions
MENU
Google Exam Professional-Cloud-Architect Topic 4 Question 70 Discussion
Topic #: 4
You are responsible for the Google Cloud environment in your company Multiple departments need access to their own projects and the members within each department will have the same project responsibilities You want to structure your Google Cloud environment for minimal maintenance and maximum overview of 1AM permissions as each department's projects start and end You want to follow Google-recommended practices What should you do?
This option follows the Google-recommended practices for structuring a Google Cloud environment for minimal maintenance and maximum overview of IAM permissions. By creating a Google Group per department and adding all department members to their respective groups, you can simplify user management and avoid granting IAM permissions to individual users. By creating a folder per department and granting the respective group the required IAM permissions at the folder level, you can enforce consistent policies across all projects within each department and avoid granting IAM permissions at the project level. By adding the projects under the respective folders, you can organize your resources hierarchically and leverage inheritance of IAM policies from folders to projects. The other options are not optimal for this scenario, because they either require granting IAM permissions to individual users (B, C), or do not use Google Groups to manage users (D). Reference:
https://cloud.google.com/architecture/framework/system-design
https://cloud.google.com/architecture/identity/best-practices-for-planning
https://cloud.google.com/resource-manager/docs/creating-managing-folders
Currently there are no comments in this discussion, be the first to comment!