The reason it isn't D is that a Dept modelled as a project puts a massive constraint on the dept that they can only have a single project; it's likely a department will want many projects.
1. Centralized Control: A single organization provides a central point for managing all your Google Cloud resources and IAM policies. This simplifies administration and ensures consistency across your organization.
2. Independent Department Management: Folders allow you to group projects within your organization and delegate administrative control to different departments. Each department can manage its own IAM policies within its assigned folder, providing the necessary independence.
3. Hierarchical Structure: Folders provide a hierarchical structure for organizing your resources. You can create sub-folders within departments for further granularity and control.
4. Efficient Resource Management: This structure makes it easier to manage resources, track costs, and enforce security policies across your organization.
C. A single Organization with Folders for each department
To control IAM policies for different departments independently but centrally, you should create a single organization and use folders to organize the policies for each department. This approach allows you to centralize the management of IAM policies for all departments within a single organization, while also allowing you to set up different policies for each department as needed.
Option A, multiple organizations with multiple folders, would not be an effective solution because it would create unnecessary complexity and make it more difficult to centralize the management of IAM policies. Option B, multiple organizations, one for each department, would also not be an effective solution because it would create unnecessary complexity and make it more difficult to centralize the management of IAM policies. Option D, a single organization with multiple projects, each with a central owner, would not be an effective solution because it would not allow you to set up different policies for each department as needed.
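The inheritance behaviour the comments above rely on, as an added example that is not part of the original discussion: a toy Python model in which a binding on a folder reaches only that folder's projects, while a binding on the organization reaches every project. The resource names, groups and bindings are constructed for illustration; the role names are standard Google Cloud roles.

```python
# Toy model of Google Cloud IAM policy inheritance (constructed data, no API calls).
# Effective access on a resource = bindings set on it plus bindings on each ancestor.

PARENT = {  # child -> parent; hypothetical resource names
    "folders/finance": "organizations/example",
    "folders/hr": "organizations/example",
    "projects/fin-ledger": "folders/finance",
    "projects/fin-reports": "folders/finance",
    "projects/hr-payroll": "folders/hr",
}

BINDINGS = {  # resource -> {role: members}; constructed sample policy
    "organizations/example": {
        "roles/iam.securityReviewer": {"group:sec-team@example.com"}},
    "folders/finance": {
        "roles/resourcemanager.folderAdmin": {"group:fin-admins@example.com"}},
    "folders/hr": {
        "roles/resourcemanager.folderAdmin": {"group:hr-admins@example.com"}},
    "projects/fin-ledger": {"roles/viewer": {"user:auditor@example.com"}},
}

def ancestors(resource):
    """Yield the resource, then each ancestor up to the organization."""
    seen = set()
    while resource is not None:
        if resource in seen:
            raise ValueError(f"cycle in hierarchy at {resource}")
        seen.add(resource)
        yield resource
        resource = PARENT.get(resource)

def effective_roles(member, resource):
    """Roles a member holds on a resource, directly or through inheritance."""
    roles = set()
    for node in ancestors(resource):
        for role, members in BINDINGS.get(node, {}).items():
            if member in members:
                roles.add(role)
    return roles

def reach(member):
    """Projects on which the member holds at least one role."""
    return sorted(r for r in PARENT
                  if r.startswith("projects/") and effective_roles(member, r))

if __name__ == "__main__":
    for m in ("group:sec-team@example.com", "group:fin-admins@example.com",
              "group:hr-admins@example.com", "user:auditor@example.com"):
        print(m, "->", reach(m))
```

A binding made directly on one project, as in option D, stays on that project: the auditor in the sample data sees `fin-ledger` but not `fin-reports`.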
C. Seems to be best practice (cf. AWS56). And I believe that D should be excluded because it says "Project owner" - it is not best practice since it's a basic role + it's not even stated as a requisite.