You are tasked with setting up permissions for a new Google Cloud project involving cross-functional teams. The project will handle sensitive customer data that should only be accessible to a specific data analysis team. What is the best way to configure permissions to ensure security and maintainability?