Your team is storing sensitive customer data in a Cloud Storage bucket. They want to ensure that only specific users within the organization have access to this data and want to prevent any possibility of the data being made public. Which configuration would best meet this requirement?