CLOUD-DIGITAL-LEADER · Question #183
Several departments in an organization are working together on a project. The organization wants to customize access to resources for each department. What is the quickest and most efficient way to ac
The correct answer is A. By mapping IAM roles to job functions for each department. Mapping IAM roles to job functions lets an organization efficiently assign consistent, appropriate permissions to entire departments rather than managing access individually.
Question
Several departments in an organization are working together on a project. The organization wants to customize access to resources for each department. What is the quickest and most efficient way to achieve this?
Options
- ABy mapping IAM roles to job functions for each department
- BBy assigning IAM primitive roles to each employee
- CBy applying least-privilege to roles for each employee
- DBy creating a single shared service account for all departments
How the community answered
(49 responses)- A80% (39)
- B6% (3)
- C2% (1)
- D12% (6)
Why each option
Mapping IAM roles to job functions lets an organization efficiently assign consistent, appropriate permissions to entire departments rather than managing access individually.
IAM predefined roles are designed to align with specific job functions, so mapping them to departments grants all members the correct permission set in a single step. This approach follows the principle of role-based access control (RBAC), which is the recommended pattern for managing permissions at scale. It is faster than per-user assignment and more precise than broad primitive roles.
Primitive roles (Owner, Editor, Viewer) are overly broad and provide no per-department customization, violating least-privilege principles.
Applying least-privilege per individual employee requires configuring each person separately, making it the least efficient option for multiple departments.
A single shared service account eliminates individual accountability, prevents customized access per department, and is a security anti-pattern.
Concept tested: IAM role-based access control for departments
Source: https://cloud.google.com/iam/docs/understanding-roles
Topics
Community Discussion
No community discussion yet for this question.