Add diagram to delegated role grants example

cloud-operations/README.md

@@ -33,3 +33,9 @@ The example's feed tracks changes to Google Compute instances, and the Cloud Fun
 <a href="./quota-monitoring" title="Compute Engine quota monitoring"><img src="./quota-monitoring/diagram.png" align="left" width="280px"></a> This [example](./quota-monitoring) shows a practical way of collecting and monitoring [Compute Engine resource quotas](https://cloud.google.com/compute/quotas) via Cloud Monitoring metrics as an alternative to the recently released [built-in quota metrics](https://cloud.google.com/monitoring/alerts/using-quota-metrics). A simple alert on quota thresholds is also part of the example.
 
 <br clear="left">
+
+## Delegated Role Grants
+
+<a href="./iam-delegated-role-grants" title="Delegated Role Grants"><img src="./iam-delegated-role-grants/diagram.png" align="left" width="280px"></a> This [example](./iam-delegated-role-grants) shows how to restrict service usage to restrict service usage through delegated role grants.
+
+<br clear="left">

cloud-operations/iam-delegated-role-grants/README.md

@@ -16,6 +16,10 @@ Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/c
 - `terraform init`
 - `terraform apply -var project_id=my-project-id 'project_administrators=["user:project-admin@example.com"]'`
 
+At this point the project should have a set of role that allow the project administrators to do the following:
+
+<img src="diagram.png" width="640px">
+
 Once done testing, you can clean up resources by running `terraform destroy`.
 
 ## Auditing Roles