[Solved] You need to create a custom role that permits users to list and read objects in Cloud Storage buckets but prevents them from deleting or modifying any... Which set of permissions should you include? | GCP

GCP - Cloud IAM Advanced

You need to create a custom role that permits users to list and read objects in Cloud Storage buckets but prevents them from deleting or modifying any buckets or objects. Which set of permissions should you include?

Astorage.buckets.get, storage.buckets.delete, storage.objects.get

Bstorage.buckets.list, storage.objects.get, storage.objects.list

Cstorage.buckets.create, storage.objects.delete, storage.objects.list

Dstorage.buckets.update, storage.objects.get, storage.objects.delete

Step-by-Step Solution

Solution:

Step 1: Identify read/list permissions
To allow listing buckets and reading objects, include 'storage.buckets.list', 'storage.objects.get', and 'storage.objects.list'.
Step 2: Exclude delete or update permissions
Do not include 'storage.buckets.delete', 'storage.buckets.update', or 'storage.objects.delete' to prevent deletion or modification.
Final Answer:
storage.buckets.list, storage.objects.get, storage.objects.list -> Option B
Quick Check:
Include only read and list permissions, exclude delete/update [OK]

Quick Trick: Include only list/get permissions, exclude delete/update [OK]

Common Mistakes:

Including delete or update permissions by mistake
Confusing 'storage.buckets.get' with 'storage.buckets.list'
Assuming 'storage.buckets.create' is needed for reading

Master "Cloud IAM Advanced" in GCP

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More GCP Quizzes

Which set of permissions should you include?

Step 1: Identify read/list permissions

Step 2: Exclude delete or update permissions

Final Answer:

Quick Check:

Want More Practice?