Home › GCP Associate Cloud Engineer › cloudcomputing › gcpsecurity › Which IAM principle does Google Cloud recommend …
Which IAM principle does Google Cloud recommend when granting a service account access to other services?
AGrant `roles/owner` at the organisation level so the service account never hits a permission error
BShare the service-account key with every developer over Slack
CDisable IAM checks entirely for the service account
DGrant the minimum permissions necessary (principle of least privilege) — use predefined or custom roles narrowly scoped to needed resources
Answer & Solution
Correct answer: D. Grant the minimum permissions necessary (principle of least privilege) — use predefined or custom roles narrowly scoped to needed resources
Least-privilege is the canonical guidance — minimal role at the minimum scope, no shared keys, no disabled IAM. The other options are textbook footguns.
Related questions
Which Google Cloud feature provides a centralised reverse proxy that verifies the user's iAn organisation wants to enforce that only signed and approved container images can be depWorkload Identity Federation lets external (non-Google) identities (e.g. AWS IAM, GitHub AAn auditor needs to determine which user deleted a Cloud Storage bucket in a project last Which approach gives a GKE workload SHORT-LIVED credentials to access Google APIs WITHOUT Which Google Cloud product stores secrets (API tokens, passwords, certificates) with versiWhich Google Cloud service centrally manages cryptographic keys (creation, rotation, destrService account impersonation lets a principal: