GCP - Cloud IAM Advanced
You want to give a team member access to only start and stop virtual machines but not delete or create them. Which IAM approach is best?
You want to give a team member access to only start and stop virtual machines but not delete or create them. Which IAM approach is best?
hard📝 Best Practice Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Understand predefined roles limits
'roles/compute.instanceAdmin' and 'roles/editor' provide broad permissions including create and delete, which is too much.Step 2: Use custom role for precise permissions
Creating a custom role with only 'start' and 'stop' VM permissions limits access exactly as needed.Final Answer:
Create a custom role with only 'start' and 'stop' permissions -> Option AQuick Check:
Custom role = precise access control [OK]
Quick Trick: Use custom roles for exact permission needs [OK]
Common Mistakes:
- Using broad predefined roles without restriction
- Assuming viewer role allows start/stop
- Giving editor role grants too many rights
Master "Cloud IAM Advanced" in GCP
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore GCP Quizzes