The Google Cloud Recommendations widget apparently has no restrictions on who can apply the recommendations. This is very dangerous and does not follow the best practice of least privilege. It does provide a warning that it may cause resources, such as Local SSDs and ephemeral IP addresses, to be lost. However, this capability should be limited to only individuals who have been given explicit permissions. I would suggest that not even DoiT should have permissions to modify GCP resources like this.
Put restrictions on who can apply the rightsizing recommendations. It would probably be best to tie the capability to existing IAM permissions. But a potential alternative may be to add that permission management to the Users page in CMP.