Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin. What Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team?
Choose an answer
Tap an option to check your answer.
Correct answer: Org viewer, project viewer.
Why this is the answer
The security team needs detailed visibility across all projects without the ability to modify resources. The "Org viewer" role grants read-only access to organization-level resources and policies, allowing them to see all projects. The "Project viewer" role provides read-only access within each project, enabling them to inspect resources and configurations. "Org viewer, project owner" is incorrect because "project owner" grants full administrative control over projects, which is not required and violates the principle of least privilege. "Org admin, project browser" is incorrect because "Org admin" grants full control over the entire organization, which is excessive. "Project browser" is a more limited read-only role than "Project viewer," and the security team needs detailed visibility. "Project owner, network admin" is incorrect as it grants excessive permissions at the project level and specific network administration rights, neither of which provides organization-wide visibility.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed