Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
You have an Azure subscription. You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account. Which property of the RBAC role definition should you configure?
Suggested Answer:D🗳️
To 'Read a storage account', ie. list the blobs in the storage account, you need an 'Action' permission. To read the data in a storage account, ie. open a blob, you need a 'DataAction' permission. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
I don't think this is correct, Look at the Alice & Bob Diagram shown here. You can clearly see Bob has access to the storage account in the Actions category - https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
The Actions permission specifies the management operations that the role allows to be performed. It is a collection of operation strings that identify securable operations of Azure resource providers (in this case it is Microsoft.Storage).
The DataActions permission specifies the data operations that the role allows to be performed to your data within that object.
Correct answer is D - Action[]
D is the right answer.
Role-based access control for control plane actions is specified in the Actions and NotActions properties of a role definition. Here are some examples of control plane actions in Azure:
Manage access to a storage account
Create, update, or delete a blob container
Delete a resource group and all of its resources
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions#control-and-data-actions
Answer = B
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute
I'd say answer is B
You create a storage account through the control plane. You use the data plane to read and write data in the storage account.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
milind8451
Highly Voted 3 years, 2 months agousit
2 years, 5 months agoteehex
Highly Voted 2 years, 11 months agoESAJRR
Most Recent 7 months agoicebw22
1 year, 1 month agomajstor86
1 year, 1 month agotblazeen
1 year, 7 months agoSiphe
1 year, 8 months agoIvanvazovv
1 year, 8 months agoAlessandro365
1 year, 10 months agoEltooth
2 years, 1 month agoTash95
2 years, 2 months agosiuloongwoo
1 year, 10 months agoudmraj
2 years, 2 months agoAS179
2 years, 4 months agoFarooque
2 years, 8 months agoAppuni
3 years agomayenite
3 years, 2 months ago