Help Desk administrators need a limited set of privileges to perform actions in the Google Admin console. How should an administrator grant these permissions while conforming to the practice of least privilege?
A.
Create a Service Desk Group and add Service Desk admins to the group
B.
Create a new custom admin role and assign
C.
Grant service desk administrators the Services Admin Role
D.
Allow Help Desk administrators full access to manage users
Granular Control: It allows you to select the specific permissions needed for the Help Desk administrators. This ensures they can do their job without having excessive access that could be misused.
Flexibility: You can easily adjust the permissions later if the Help Desk's responsibilities change.
Auditing: The Google Admin console tracks changes made by each role, making it easier to identify the source of any unauthorized actions.
How to Create a Custom Admin Role:
Go to the Google Admin console.
Navigate to Admin roles.
Click Create new role.
Give the role a descriptive name (e.g., "Help Desk Support").
Carefully select the privileges the Help Desk needs (e.g., reset passwords, manage user accounts, view device information).
Assign the role to the Help Desk administrators.
Why Other Options Are Less Ideal:
A. Service Desk Group: Groups are primarily for organization and don't provide granular permission control.
C. Services Admin Role: This role has broader permissions than what a Help Desk typically needs, violating the PoLP.
D. Full Access: This grants excessive privileges and significantly increases the risk of accidental or intentional misuse.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit