Exam AZ-104 topic 2 question 25 discussion

Actual exam question from Microsoft's AZ-104
Question #: 25
Topic #: 2

HOTSPOT -
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
✑ Can be assigned only to the resource groups in Subscription1
✑ Prevents the management of the access permissions for the resource groups
✑ Allows the viewing, creating, modifying, and deleting of resources within the resource groups
What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftresources

Comments

mlantonis
Highly Voted 2 years, 11 months ago
Correct Answer: “/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546435e” “Microsoft.Authorization/”
upvoted 320 times
Awot
7 months, 1 week ago
I have the feeling that the first option “/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546435e” is wrong, because it doesn't specify the resource group; the implication is that the user will have access to all other things in the subscription.
upvoted 3 times
...
Slimus
11 months, 1 week ago
Azure RBAC is the authorization system you use to manage access to Azure resources. https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
upvoted 2 times
...
wpestan
1 year, 4 months ago
Perfect!!! Validate
upvoted 4 times
...
justin19981
1 year, 4 months ago
So often I have the feeling; This HAS to be wrong. And finding the community confirming my thoughts is nice :)
upvoted 14 times
...
...
fedztedz
Highly Voted 3 years, 4 months ago
The Answer is Wrong. First part should be "/Subscription/subscription_id" only. There is nothing called "resourceGroups" only or "resourceGroups/*". You can specify either a subscription, specific resource group, management group or specific resource. For example, it should be "/subscription/subscription_id/resourceGroups/resource_group_name". Check https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/role-based-access-control/role-definitions.md#role-definition-structure
For second box: it is correct but missing "*". It should be "Microsoft.Authorization/*". If you try this on az cli without "*", you will get an error.
upvoted 228 times
tf444
2 years, 10 months ago
{
  "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}",
  "name": "{resourceGroupName}",
  "type": "Microsoft.Resources/resourceGroups",
  "location": "{resourceGroupLocation}",
  "managedBy": "{identifier-of-managing-resource}",
  "tags": { },
  "properties": { "provisioningState": "{status}" }
}
upvoted 2 times
...
JayBee65
2 years, 10 months ago
This link https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions gives an example of "/subscriptions/{subscriptionId1}/resourceGroups/Network"
upvoted 8 times
...
rrobb
3 years ago
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest#create-a-custom-role Can /{resourceGroup1} be replaced by name or *?
upvoted 2 times
...
Acai
2 years, 9 months ago
I don't know how you said there's no 'resourceGroups' and then put 'resourceGroups' in your example; also, an asterisk/wildcard denotes "all", so this could imply there are multiple other fields that could be added in place of the wildcard. Regardless, I tested it; you can go to Subscriptions > [Your Subscription] > IAM > Custom Roles. You are correct but the explanation was quite confusing.
upvoted 7 times
mufflon
2 years, 3 months ago
You can specify either a subscription, specific resource group, management group or specific resource. For example, it should be "/subscription/subscription_id/resourceGroups/resource_group_name". So if you use "/subscription/subscription_id/resourceGroups/resource_group_name" then you need the resource_group_name.
upvoted 1 times
...
...
...
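Added example (not part of the original thread and not Microsoft's code): a small Python model of the two elements debated above, checking the shape of an assignable scope and evaluating Actions minus NotActions with wildcard matching. The scope regex and the matcher are simplified assumptions for illustration; the role body uses the PowerShell-style property names (Actions, NotActions, AssignableScopes).

```python
import re
from fnmatch import fnmatchcase

SUB_ID = "c276fc76-9cd4-44c9-99a7-4fd71546436e"  # subscription ID from the question text

# Assumption: only the two scope shapes discussed in the thread are modelled,
# a whole subscription or one named resource group (no wildcard, no bare "resourceGroups").
SCOPE_RE = re.compile(
    r"^/subscriptions/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"
    r"(/resourceGroups/[^/*]+)?$",
    re.IGNORECASE,
)

def scope_is_well_formed(scope):
    """True if the scope is a subscription or a specific resource group."""
    return bool(SCOPE_RE.match(scope))

def _matches(pattern, operation):
    # Operation names are compared case-insensitively; "*" matches any suffix.
    return fnmatchcase(operation.lower(), pattern.lower())

def is_allowed(role, operation):
    """Effective control-plane permission: granted by Actions, not excluded by NotActions."""
    granted = any(_matches(p, operation) for p in role["Actions"])
    excluded = any(_matches(p, operation) for p in role["NotActions"])
    return granted and not excluded

# Constructed role definition following the thread's most-voted reading of CR1.
CR1 = {
    "Name": "CR1",
    "IsCustom": True,
    "Actions": ["*"],
    "NotActions": ["Microsoft.Authorization/*"],
    "AssignableScopes": [f"/subscriptions/{SUB_ID}"],
}

# Same role, but with the trailing "*" left off, as in the option text.
CR1_NO_WILDCARD = dict(CR1, NotActions=["Microsoft.Authorization/"])

if __name__ == "__main__":
    for scope in (CR1["AssignableScopes"][0],
                  f"/subscriptions/{SUB_ID}/resourceGroups/RG1",
                  f"/subscriptions/{SUB_ID}/resourceGroups/*"):
        print(scope, scope_is_well_formed(scope))
    for op in ("Microsoft.Compute/virtualMachines/write",
               "Microsoft.Authorization/roleAssignments/write"):
        print(op, is_allowed(CR1, op), is_allowed(CR1_NO_WILDCARD, op))
```

In this model a NotActions entry without the wildcard is a literal string that matches no operation, so it excludes nothing.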
Amir1909
Most Recent 2 months, 1 week ago
Correct Answer: “/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546435e” “Microsoft.Authorization/”
upvoted 2 times
...
Ahkhan
5 months, 2 weeks ago
This question was on my exam today on 11/14/2023. For me, except one question, all were from here but they had some figures changed. Only minor changes.
upvoted 10 times
FlaShhh
4 months, 3 weeks ago
hey man, were the free questions enough or did you use the contributor access?
upvoted 1 times
...
...
GRONDBOTTER
5 months, 4 weeks ago
https://youtu.be/dPdgx30w9sU?si=tC3GRFFC4-SIzIuL
upvoted 3 times
...
mattpaul
6 months, 1 week ago
I passed with these questions and many friends passed too, if you want real exam questions for twenty only, contact me on [email protected]
upvoted 1 times
...
mattpaul
6 months, 2 weeks ago
pass in the first attempt with real questions, contact me [email protected]
upvoted 1 times
...
Mitazure7
6 months, 2 weeks ago
In Azure, the correct format for specifying a resource group's path within a subscription is as follows: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
upvoted 1 times
...
TedM2
6 months, 3 weeks ago
The answer shown for the first part seems to be incorrect, per https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions#assignablescopes
upvoted 1 times
...
rikininetysix
7 months, 3 weeks ago
The given answer is correct. As the standard format for a resource ID is: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}', it clearly contains '/subscriptions/{subscriptionId}/resourceGroups/', which should be the proper assignable scope. In order to prevent the management of the access permissions for the resource groups (requirement 2), you need to select 'Microsoft.Authorization/' under permissions, notActions. If the assignable scope is '/subscriptions/{subscriptionId}/', the notAction permission 'Microsoft.Authorization/' would prevent the management of access permission at the subscription level, which is not asked in the question. This link validates the resource ID structure - https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription
upvoted 1 times
...
CarlosMarin
7 months, 4 weeks ago
This question was in my exam on 31/08/2023.
upvoted 9 times
...
Elecktrus
8 months, 1 week ago
In exam 18/08/23
upvoted 8 times
...
kamalpur
9 months ago
This question is explained in below video https://youtu.be/Cjn-rolVh4c
upvoted 16 times
sheilawu
3 months, 1 week ago
Nice link, thank you!
upvoted 1 times
...
...
NYTK
9 months, 1 week ago
I took exams on 21/7/2023. This exams came.
upvoted 4 times
...
Josete1106
9 months, 1 week ago
Correct Answer: “/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546435e” “Microsoft.Authorization/”
upvoted 3 times
...
kmsalman
10 months, 1 week ago
This question was in the exam on 6/17/2023.
upvoted 5 times
...
Juanchooo
11 months, 2 weeks ago
Came in my exam today 17/05/23
upvoted 3 times
...