ExpertMedium1 markMultiple Choice
GCP ACE · Question 42 · Domain 5.1: Managing Identity and Access Management (IAM)
You want to see a list of all users, groups, and service accounts that have been granted the roles/storage.objectAdmin role in your current project.
Which gcloud command should you use?
You want to see a list of all users, groups, and service accounts that have been granted the roles/storage.objectAdmin role in your current project.
Which gcloud command should you use?
Answer options:
A.
gcloud iam roles list
B.
gcloud projects get-iam-policy [PROJECT_ID]
C.
gcloud auth list
D.
gcloud iam service-accounts list
How to approach this question
Recall how to view IAM bindings at the project level.
Full Answer
B.gcloud projects get-iam-policy [PROJECT_ID]✓ Correct
gcloud projects get-iam-policy [PROJECT_ID]
The IAM policy contains the bindings that associate members (users, groups, service accounts) with roles. To view who has what role at the project level, you use `gcloud projects get-iam-policy [PROJECT_ID]`. You can then grep or filter the output for the specific role.
Common mistakes
Using `gcloud iam roles list`, which only shows the definition of roles, not the assignments.
Practice the full GCP Associate Cloud Engineer Practice Exam 4
50 questions · hints · full answers · grading
More questions from this exam
Q01You have recently joined a new team and need to set up a new Google Cloud project for a developme...EasyQ02Your company uses Google Workspace. You need to grant a new developer, Alice, the ability to view...MediumQ03You have created a new GCP project and want to deploy a Compute Engine instance. However, when yo...MediumQ04Your startup has a strict monthly cloud budget of $500. You want to be notified via email when yo...EasyQ05Your finance team wants to analyze Google Cloud costs using standard SQL and build custom dashboa...Medium