Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?
Choose an answer
Tap an option to check your answer.
Correct answer: The effective policy is the union of the policy set at the node and policies inherited from its ancestors.
Why this is the answer
In Google Cloud IAM, policies are inherited down the resource hierarchy. This means that a policy defined at a higher level (like an organization or folder) applies to all resources within that level, including projects and resources inside those projects. The effective policy at any given node (e.g., a project) is the union of the policies directly applied to that node and all policies inherited from its parent folders and the organization. This cumulative approach ensures that permissions granted at higher levels are always respected at lower levels. The other options are incorrect because: "only by the policy set at the node" ignores inheritance. "restricted by the policies of its ancestors" implies a reduction of permissions, which is not how IAM inheritance works; it's additive. "intersection" would mean only permissions common to all policies, which would drastically reduce effective permissions and is not how IAM inheritance functions.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed