A junior developer needs read-only access to all GCP resources in a project. Which IAM role grants the minimum permissions required?
Trap 1: Editor
Editor includes full read and write permissions on most resources — far more than read-only access.
Trap 2: Owner
Owner includes all Editor permissions plus billing account management and IAM policy changes — excessive for read-only access.
Trap 3: Browser
Browser provides access to browse the project hierarchy and some metadata but does not grant read access to resource data — it's more restricted than Viewer.
- A
Editor
Why wrong: Editor includes full read and write permissions on most resources — far more than read-only access.
- B
Owner
Why wrong: Owner includes all Editor permissions plus billing account management and IAM policy changes — excessive for read-only access.
- C
Viewer
Viewer grants read-only access to all project resources without any modification permissions — the correct minimum role for read-only access.
- D
Browser
Why wrong: Browser provides access to browse the project hierarchy and some metadata but does not grant read access to resource data — it's more restricted than Viewer.