PCNE: Professional Cloud Network Engineer Exam - Google

Give Network Operations Team Least-Privilege Access to Cloud Interconnect VLAN Attachments

Question

You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.

What should you do?

Answers

Explanations


A. B. C. D.

C.

When it comes to granting access to Cloud Interconnect VLAN attachments, it is important to ensure that each member of your network operations team has least-privilege access. This means that each team member should only have the permissions necessary to perform their specific tasks, and no more.

Option A, assigning each user the editor role, is not recommended as it grants full access to all resources within the project, including Compute Engine instances, disks, and other resources. This is much more access than what is required to create, modify, and delete Cloud Interconnect VLAN attachments.

Option B, assigning each user the compute.networkAdmin role, also grants more access than what is required for this specific task. This role includes permissions to manage networks, subnetworks, and firewall rules in addition to interconnect attachments.

Option C, giving each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, is the correct option. These permissions allow users to create and retrieve Cloud Interconnect VLAN attachments, which is what is required to perform their tasks.

Option D, giving each user the following permissions: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update, is not necessary as it grants additional permissions related to Compute Engine routers, which are not required for managing Cloud Interconnect VLAN attachments.

In summary, the correct answer is C, to give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
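As an added example (not part of the original page), the following script audits a project IAM policy for network operations team members who hold the broad roles ruled out in options A and B instead of a narrow custom role. The custom role ID, project name, and member addresses are hypothetical, and the policy is a constructed sample.

```python
import json

# Roles the page rules out as broader than the task needs (options A and B).
BROAD_ROLES = {
    "roles/editor": "full access to all resources in the project",
    "roles/compute.networkAdmin": "also manages networks, subnetworks and firewall rules",
}
# Hypothetical custom role holding only the permissions listed in option C.
EXPECTED_ROLE = "projects/example-project/roles/vlanAttachmentOperator"

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json` output.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["user:alice@example.com", "user:dev@example.com"]},
  {"role": "roles/compute.networkAdmin",
   "members": ["user:bob@example.com"]},
  {"role": "projects/example-project/roles/vlanAttachmentOperator",
   "members": ["user:bob@example.com", "user:carol@example.com"]}
]}
""")
NETOPS_TEAM = {"user:alice@example.com", "user:bob@example.com", "user:carol@example.com"}


def audit_team_bindings(policy, team, expected_role=EXPECTED_ROLE):
    """Return (member, role, reason) for each team binding that is not least privilege."""
    findings, has_expected = [], set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member not in team:
                continue  # only the network operations team is in scope
            if role == expected_role:
                has_expected.add(member)
            else:
                reason = BROAD_ROLES.get(role, "role outside the team's expected custom role")
                findings.append((member, role, reason))
    # Team members who never received the narrow role cannot do the task at all.
    for member in sorted(team - has_expected):
        findings.append((member, None, "missing the expected custom role"))
    return findings


if __name__ == "__main__":
    for member, role, reason in audit_team_bindings(SAMPLE_POLICY, NETOPS_TEAM):
        print(f"{member}: {role or '-'} ({reason})")
```

The audit only sees direct `user:` bindings at the project level; roles inherited through groups, folders, or the organization need the same check applied to those policies.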