Domain 5.1: Managing Identity and Access Management (IAM) — GCP ACE Practice Question 43

How to approach this question

Understand the difference in scope between primitive roles and predefined roles.

Full Answer

B.Primitive roles grant broad access across all services in a project, violating the principle of least privilege.✓ Correct

Primitive roles (Owner, Editor, Viewer) are legacy roles that grant broad, project-wide access across almost all GCP services. Using them violates the principle of least privilege. Predefined roles (e.g., `roles/compute.viewer`) are much more granular and restrict access to specific services and actions.

Common mistakes

Believing primitive roles cannot be used with service accounts.

Google Cloud strongly recommends avoiding the use of primitive IAM roles (Owner, Editor, Viewer) in production environments.

What is the primary reason for this recommendation?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 3

More questions from this exam

Google Cloud strongly recommends avoiding the use of primitive IAM roles (Owner, Editor, Viewer) in production environments. What is the primary reason for this recommendation?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 3

More questions from this exam

Google Cloud strongly recommends avoiding the use of primitive IAM roles (Owner, Editor, Viewer) in production environments.

What is the primary reason for this recommendation?