7. What level of granularity for stack outputs access permissions is available in pulumi? Is it possible to control it on an output-level or is it on stack level?

Do you mean via RBAC? Currently it is per-stack. Definitely interested in scenarios that require finer granularity, and expect to add more granularity as needed to support customer use cases.

I am still exploring a design of pulumi projects/stack structure. What I am thinking right now is to have a single “admin”/umbrella pulumi project to manage GCP folders and other organisation data resources for all the business projects/teams and then delegate/give permissions to specific outputs from a set of resources (e.g. related to a single business project) to people from that business project team.