1. Create a general service account **g-sa" to execute the batch jobs.• 2 Grant the permissions required to execute the batch jobs to g-sa.• 3. Execute the batch jobs with the permissions granted to g-sa

1. Create a general service account "g-sa" to orchestrate the batch jobs.• 2. Create one service account per batch job Mb-sa-[1-5]," and grant only the permissions required to run the individual batch jobs to the service accounts.• 3. Grant the Service Account Token Creator role to g-sa Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5].

1. Create a workload identity pool and configure workload identity pool providers for each batch job• 2 Assign the workload identity user role to each of the identities configured in the providers.• 3. Create one service account per batch job Mb-sa-[1-5]". and grant only the permissions required to run the individual batch jobs to the service accounts• 4 Generate credential configuration files for each of the providers Use these files to ex

• 1. Create a general service account "g-sa" to orchestrate the batch jobs.• 2 Create one service account per batch job 'b-sa-[1-5)\ Grant only the permissions required to run the individual batch jobs to the service accounts and generate service account keys for each of these service accounts• 3. Store the service account keys in Secret Manager. Grant g-sa access to Secret Manager and run the batch jobs with the permissions of b-sa-[1-5].<