I am still exploring a design of pulumi projects/stack structure. What I am thinking right now is to have a single “admin”/umbrella pulumi project to manage GCP folders and other organisation data resources for all the business projects/teams and then delegate/give permissions to specific outputs from a set of resources (e.g. related to a single business project) to people from that business project team.