🔥 3-day streak
Professional Cloud Security Engineer147 / 152
Question 147 of 152
A retail company is migrating its resource hierarchy. The security team wants to grant the marketing team's analysts a way to manage their own IAM bindings on BigQuery datasets within a single project, but the team must NOT be able to grant themselves or others any roles that are more privileged than the ones already present in the project. Analysts should also be prevented from acting on any resource outside that project. Which approach best enforces this requirement while following least privilege?
Reviewed for accuracy · Report an issueNext question