Your organization has a dedicated person who creates and manages all service accounts for Google Cloud projects. You need to assign this person the minimum role for projects. What should you do?
A. Add the user to roles/iam.roleAdmin role.
B. Add the user to roles/iam.securityAdmin role.
C. Add the user to roles/iam.serviceAccountUser role.
D. Add the user to roles/iam.serviceAccountAdmin role.
Whoever says C is the right answer, please read the question 1000000000 times if you don't understand - "Your organization has a dedicated person who creates and manages all service accounts for Google Cloud projects." Dedicated person who creates and manages all service... Now read below:
To allow a user to manage service accounts, grant one of the following roles:
Service Account User (roles/iam.serviceAccountUser): Includes permissions to list service accounts, get details about a service account, and impersonate a service account.
Service Account Admin (roles/iam.serviceAccountAdmin): Includes permissions to list service accounts and get details about a service account. Also includes permissions to create, update, and delete service accounts, and to view or change the IAM policy on a service account.
Now look, which role mentions "CREATE"?
Obviously - roles/iam.serviceAccountAdmin....... So the answer is????
1M% - D only
D
As per the documentation:
https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountUser
https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountAdmin
roles/iam.serviceAccountAdmin --> Create and manage service accounts.
https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountAdmin
roles/iam.serviceAccountUser --> Run operations as the service account.
https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountUser
D. Service Account Admin (roles/iam.serviceAccountAdmin): Includes permissions to list service accounts and get details about a service account. Also includes permissions to create, update, and delete service accounts, and to view or change the IAM policy on a service account.
To allow a user to manage service accounts, grant one of the following roles:
Service Account User (roles/iam.serviceAccountUser): Includes permissions to list service accounts, get details about a service account, and impersonate a service account.
Service Account Admin (roles/iam.serviceAccountAdmin): Includes permissions to list service accounts and get details about a service account. Also includes permissions to create, update, and delete service accounts, and to view or change the IAM policy on a service account.