
Centralized IAM Policy Control for Different Departments

Question

Your organization wants to control IAM policies for different departments independently, but centrally.

Which approach should you take?

Answers

Explanations


A. B. C. D.

C.

Folders are nodes in the Cloud Platform Resource Hierarchy.

A folder can contain projects, other folders, or a combination of both.

You can use folders to group projects under an organization in a hierarchy.

For example, your organization might contain multiple departments, each with its own set of GCP resources.

Folders allow you to group these resources on a per-department basis.

Folders are used to group resources that share common IAM policies.

While a folder can contain multiple folders or resources, a given folder or resource can have exactly one parent.

https://cloud.google.com/resource-manager/docs/creating-managing-folders

The best approach to control IAM policies for different departments independently, but centrally, is to use a single Organization with Folders for each department (option C).

Here's why:

  1. Multiple Organizations with multiple Folders (option A) may provide independent control over IAM policies, but it may also increase administrative overhead. Managing multiple organizations can be more complicated than managing a single one, especially if you have many departments. This approach may also result in redundant resources and higher costs, as each organization would need to have its own billing account.

  2. Multiple Organizations, one for each department (option B) can provide independent control over IAM policies, but it can lead to fragmentation of resources and lack of centralized management. It can also lead to increased administrative overhead and costs, as each organization would need to have its own billing account.

  3. A single Organization with multiple projects, each with a central owner (option D) can provide centralized management, but it may not allow for independent control over IAM policies for each department. Each project would have the same central owner, and it may be difficult to grant different permissions to different departments.

  4. A single Organization with Folders for each department (option C) provides the best approach. It allows for centralized management of IAM policies while providing independent control over policies for each department. Each department can have its own folder, and policies can be set at the folder level, allowing for fine-grained control. This approach also minimizes administrative overhead and reduces costs by using a single billing account for the entire organization.

Overall, the best approach is to use a single Organization with Folders for each department (option C), as it provides a balance between centralized management and independent control over IAM policies.
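An added example, not part of the original page: a simplified Python model of option C, assuming that a resource's effective allow policy is the union of the bindings set on it and on each of its ancestors. The organization, folder, project and group names are constructed sample data.

```python
# Simplified model of the hierarchy: organization -> department folders -> projects.
# All names, groups and bindings are constructed sample data (assumptions).

class Node:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = None
        self.bindings = {}  # role -> members granted directly on this node
        if parent is not None:
            parent.attach(self)

    def attach(self, child):
        # A folder or project can have exactly one parent.
        if child.parent is not None:
            raise ValueError(f"{child.name} already has parent {child.parent.name}")
        child.parent = self

    def grant(self, role, member):
        self.bindings.setdefault(role, set()).add(member)

    def ancestors(self):
        # Yields the node itself, then each parent up to the organization.
        node = self
        while node is not None:
            yield node
            node = node.parent


def effective_policy(node):
    """Union of bindings set on the node and on every ancestor."""
    policy = {}
    for n in node.ancestors():
        for role, members in n.bindings.items():
            policy.setdefault(role, set()).update(members)
    return policy


def build_sample():
    org = Node("example-org")
    eng = Node("engineering", org)
    fin = Node("finance", org)
    eng_proj = Node("eng-app-prod", eng)
    fin_proj = Node("fin-ledger-prod", fin)
    # Central control: one binding at the organization reaches every project.
    org.grant("roles/iam.securityReviewer", "group:central-security@example.com")
    # Independent control: each department's binding stays inside its folder.
    eng.grant("roles/editor", "group:eng-admins@example.com")
    fin.grant("roles/editor", "group:fin-admins@example.com")
    return org, eng, fin, eng_proj, fin_proj
```

Calling `effective_policy()` on a project in the sample shows the organization-level reviewer binding together with only that department's editor group.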