Within your organization, a top-level folder separates application environments into prod and dev. Developers need access to all audit logs related to application development but must not be able to access production logs. The security team, by contrast, must be able to review logs in both the production and development environments. Your task is to assign Identity and Access Management (IAM) roles that follow the principle of least privilege for both teams. What's the optimal approach?