You are managing a Google Cloud environment where different teams are organized into folders. Each team needs the ability to modify organization policies that are relevant to their specific work. You want to ensure they have the necessary permissions while following Google Cloud's best security practices and reducing administrative complexity. What is the best approach?