Domain 5.1: Managing Identity and Access Management (IAM) — GCP ACE Practice Question 41

How to approach this question

Understand the history and structure of IAM. Primitive roles are the old, broad roles. Predefined roles are the modern, specific roles.

Full Answer

B.Primitive roles (Owner, Editor, Viewer) offer broad, project-wide access across all services, while Predefined roles offer granular access tailored to specific services.✓ Correct

Primitive roles (Owner, Editor, Viewer) offer broad, project-wide access across all services, while Predefined roles offer granular access tailored to specific services.

Primitive roles (roles/viewer, roles/editor, roles/owner) are legacy roles that existed before IAM. They grant broad access to almost all resources in a project. For example, an Editor can modify VMs, Storage buckets, and databases. Predefined roles are managed by Google and provide granular, service-specific access (e.g., roles/compute.instanceAdmin). Google Cloud best practices strongly recommend using Predefined roles to enforce the principle of least privilege.

Common mistakes

Confusing Predefined roles with Custom roles. Predefined are made by Google; Custom are made by you.

In Google Cloud Identity and Access Management (IAM), what is the primary difference between Primitive roles and Predefined roles?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 6

More questions from this exam