You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using the principle of least privilege. What should you do?

A. Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token. B. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token. C. Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account. D. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.