In managing IAM (Identity and Access Management) on GCP, how would you configure permissions to prevent a developer from unintentionally deleting an important storage bucket, while still maintaining other administrative rights over storage buckets?
Choose an answer
Tap an option to check your answer.
Correct answer: Use Cloud IAM to create a custom role excluding the storage.buckets.delete permission.
Why this is the answer
*Explanation: The optimal approach is to use Cloud IAM to create a custom role that includes all necessary permissions for managing storage buckets, except for the storage.buckets.delete permission. This tailored role allows the developer to perform all required administrative actions without the risk of accidentally deleting critical storage buckets. This method offers precise control over permissions, which is more effective and straightforward compared to other options like VPC Service Controls or Organization Policies, which do not provide the necessary granularity for this specific requirement.*
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed