A company wants to control which resources can be accessed by a service account in a specific project. Which IAM policy binding approach should be used?
Select one: