Your company has created a new data analytics team. Data analysts will need to read data from and write data to Cloud Storage and query data from BigQuery. Data engineers will also need to create Cloud Storage buckets and set data lifecycle management policies on buckets. You want to follow Google Cloud's recommended best practices. How would you manage access permission for the new team?