Complete the code to specify the role in the IAM policy binding.
{
"role": "[1]",
"members": ["user:alice@example.com"]
}The role roles/viewer grants read-only access, which is a common starting point for IAM bindings.
Complete the code to specify a member type in the IAM policy binding.
{
"role": "roles/viewer",
"members": ["[1]:bob@example.com"]
}The member type user is used to specify an individual user email in IAM bindings.
Fix the error in the IAM policy binding by completing the member string correctly.
{
"role": "roles/storage.objectViewer",
"members": ["[1]:my-service-account@project.iam.gserviceaccount.com"]
}Service accounts must be prefixed with serviceAccount in IAM member strings.
Fill both blanks to create an IAM policy binding with a group member and the correct role.
{
"role": "[1]",
"members": ["[2]:admins@example.com"]
}The roles/editor role allows editing permissions, and the member is a group identified by an email.
Fill both blanks to create an IAM policy binding with a domain member and a storage admin role.
{
"role": "[1]",
"members": ["[2]:example.com"]
}The roles/storage.admin role grants full storage admin rights, and the member type domain applies to all users in the domain.