Several departments in an organization are working together on a (Digital Leader)

Correct answer: A) By mapping IAM roles to job functions for each department.
Here's why:

A) Mapping IAM (Identity and Access Management) roles to job functions for each department allows for granular control over access permissions based on the specific roles and responsibilities within each department. By defining IAM roles that align with the job functions of each department, administrators can easily assign appropriate access levels to employees, ensuring that they have the necessary permissions to perform their tasks without granting unnecessary access.

B) Assigning IAM primitive roles to each employee can lead to a proliferation of roles and a lack of consistency in access management. It may also result in over-privileged or under-privileged permissions for certain employees, as primitive roles provide broad access without fine-grained control.

C) Applying least-privilege to roles for each employee is important for security and access control, but it may not be the quickest or most efficient way to customize access for each department. Least-privilege should be implemented within the context of mapped IAM roles to job functions, ensuring that employees have access only to the resources necessary for their specific roles.

D) Creating a single shared service account for all departments would not allow for customized access control based on departmental requirements. It could lead to security risks and potential conflicts of interest, as different departments may have distinct access needs and responsibilities.