You are a Security Administrator at your organization. You need to restrict service account creation capability within production environments. You want to accomplish this centrally across the organization. What should you do?
A. Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.
B. Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.
C. Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.
D. Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
Answer is (D).
You can use the iam.disableServiceAccountCreation boolean constraint to disable the creation of new service accounts. This allows you to centralize management of service accounts while not restricting the other permissions your developers have on projects.
https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#disable_service_account_creation
Answer D
You can use the iam.disableServiceAccountCreation boolean constraint to disable the creation of new service accounts. This allows you to centralize management of service accounts while not restricting the other permissions your developers have on projects.