Complete the code to assign a role to a user in GCP IAM.
gcloud projects add-iam-policy-binding my-project --member='user:alice@example.com' --role=[1]
The roles/viewer role grants read-only access, making it a basic and safe role to assign.
Complete the code to create a custom IAM role with specific permissions.
gcloud iam roles create customRole --project=my-project --permissions=[1] --title='Custom Role'
These permissions allow read access to storage buckets and objects, suitable for a custom read-only role.
Fix the error in the IAM policy binding command to grant a service account the correct role.
gcloud projects add-iam-policy-binding my-project --member=[1] --role='roles/storage.objectViewer'
Service accounts must be specified with the prefix serviceAccount: to be recognized correctly.
Fill both blanks to create a conditional IAM binding that grants access only if the request comes from a specific IP range.
gcloud projects add-iam-policy-binding my-project --member=[1] --role='roles/storage.objectViewer' --condition='expression=[2],title=IPRestriction'
The condition restricts access to requests coming from the IP range 192.168.1.0/24 for the specified user.
Fill all three blanks to define a least-privilege IAM policy binding with a condition on device security status.
gcloud projects add-iam-policy-binding my-project --member=[1] --role=[2] --condition='expression=[3],title=DeviceSecurityCheck'
This binding grants the security reviewer role only if the device is trusted, following the principle of least privilege.