Exam Professional Cloud Security Engineer topic 1 question 37 discussion

Shouldn't it be A? Project Browser has least permissions comparing to Project Viewer. The question is about have read-access to all new project resources. roles/browser - Read access to browse the hierarchy for a project, including the folder, organization, and IAM policy. This role doesn't include permission to view resources in the project. https://cloud.google.com/iam/docs/understanding-roles#project-roles

A please

Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department. Grant viewer to the folder fits with automatically get permission on project creation

Create a Folder per department under the Organization. For each department's Folder, assign the Project Viewer role to the Google Group related to that department.

Who voted C!?!??!?! The answer is A!!!!

Correct answer - A https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy

The correct answer is definitely C. Let's divide the question into 2 parts: 1st: Role: Key requirement: all members of that department should automatically have read-only access to all new project resources. > The project browser role only allows read access to browse the hierarchy for a project, including the folder, organization, and allow policy. This role doesn't include permission to view resources in the project. Hence the options B and D are not relevant as they both are browser roles which DO NOT provide access to project resources. 2nd: Option A creates a Folder per department and C creates project per department. However, Project viewer role is only applied at the project level. Hence the correct answer is C which creates projects per department under organization .

It's A, Project Viewer. Project Browser doesn't allow users to see resources, only find the project in the hierarchy.

It's A , browser is : Read access to browse the hierarchy for a project, including the folder, organization, and IAM policy. This role doesn't include permission to view resources in the project. https://cloud.google.com/iam/docs/understanding-roles#project-roles

either A or C because must be project viewer ,browser is not enough.https://cloud.google.com/iam/docs/understanding-roles

Why not A?

The answer is A: https://stackoverflow.com/questions/54778596/whats-the-difference-between-project-browser-role-and-project-viewer-role-in-go#:~:text=8-,What's%20the%20difference%20between%20Project%20Browser%20role%20and,role%20in%20Google%20Cloud%20Platform&text=According%20to%20the%20console%20popup,read%20access%20to%20those%20resources.

I think it's B. As the question says all members of that department should automatically have read-only access to all new project resources but browser will only provide the get, list permissions not read only permission so viewer seems to be more accurate here. roles/browser Read access to browse the hierarchy for a project, including the folder, organization, and IAM policy. This role doesn't include permission to view resources in the project. resourcemanager.folders.get resourcemanager.folders.list resourcemanager.organizations.get resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.list roles/viewer Viewer Permissions for read-only actions that do not affect state, such as viewing (but not modifying) existing resources or data.

Question says - If a department member creates a new project, all members of that department should automatically have read-only access to all new project resources. and @ownez provided documentation that says - browser role doesn't include perm to view resources in the project. Hence B is the right answer.

A it´s OK

Ans - A

Answer is B: "have read-only access to all new project resources." So it has to be in a folder to cascade the permissions to new projects carried.