Complete the code to grant a user the role of Storage Object Viewer using IAM.
resource = "projects/my-project"
policy = client.get_iam_policy(resource)
policy.bindings.append({"role": "[1]", "members": ["user:alice@example.com"]})
client.set_iam_policy(resource, policy)
The correct IAM role to view storage objects is roles/storage.objectViewer. This grants read-only access to objects.
Complete the code to set an ACL that grants read access to all users on a Cloud Storage bucket.
bucket = client.get_bucket('my-bucket')
bucket.acl.[1].all().grant_read()
bucket.acl.save()
To grant read access to all users, use the public ACL entity.
Fix the error in the IAM policy binding to correctly specify the member type for a service account.
policy.bindings.append({"role": "roles/storage.admin", "members": ["[1]:my-service-account@my-project.iam.gserviceaccount.com"]})
Service accounts must be prefixed with serviceAccount: in IAM member strings.
Fill both blanks to create an IAM policy that grants a group the role of Compute Viewer on a project.
policy.bindings.append({"role": "[1]", "members": ["[2]:dev-team@example.com"]})
The role for viewing compute resources is roles/compute.viewer, and the member type for groups is group.
Fill all three blanks to create an ACL entry that grants write access to a specific user on a bucket.
bucket.acl.[1].[2]().grant_[3]()
bucket.acl.save()
To grant write access to a specific user, use the user entity, select all() to target all entries for that user, and call grant_write().