Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-500 topic 2 question 51 discussion

Actual exam question from Microsoft's AZ-500
Question #: 51
Topic #: 2
[All AZ-500 Questions]

You have an Azure subscription.
You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.
Which property of the RBAC role definition should you configure?

  • A. NotActions []
  • B. DataActions []
  • C. AssignableScopes []
  • D. Actions []
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
To 'Read a storage account', ie. list the blobs in the storage account, you need an 'Action' permission.
To read the data in a storage account, ie. open a blob, you need a 'DataAction' permission.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
by mayenite at Feb. 4, 2021, 4:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
milind8451
Highly Voted 3 years, 2 months ago
Right ans, DataAction[] is used at blob level, Action [] is used at container and storage acc level.
upvoted 23 times
usit
2 years, 5 months ago
I don't think this is correct, Look at the Alice & Bob Diagram shown here. You can clearly see Bob has access to the storage account in the Actions category - https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
upvoted 1 times
...
...
teehex
Highly Voted 2 years, 11 months ago
The Actions permission specifies the management operations that the role allows to be performed. It is a collection of operation strings that identify securable operations of Azure resource providers (in this case it is Microsoft.Storage). The DataActions permission specifies the data operations that the role allows to be performed to your data within that object. Correct answer is D - Action[]
upvoted 13 times
...
ESAJRR
Most Recent 7 months ago
Selected Answer: D
D. Actions
upvoted 1 times
...
icebw22
1 year, 1 month ago
Correct answer, Action for management plane Data action for data plane
upvoted 2 times
...
majstor86
1 year, 1 month ago
Selected Answer: D
D. Actions []
upvoted 3 times
...
tblazeen
1 year, 7 months ago
D is the right answer. Role-based access control for control plane actions is specified in the Actions and NotActions properties of a role definition. Here are some examples of control plane actions in Azure: Manage access to a storage account Create, update, or delete a blob container Delete a resource group and all of its resources https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions#control-and-data-actions
upvoted 3 times
...
Siphe
1 year, 8 months ago
Answer = B DataActions Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute
upvoted 1 times
Ivanvazovv
1 year, 8 months ago
Storage account is not only Blob.
upvoted 1 times
...
...
Alessandro365
1 year, 10 months ago
Selected Answer: D
D is correct answer.
upvoted 1 times
...
Eltooth
2 years, 1 month ago
Selected Answer: D
D is correct answer.
upvoted 2 times
...
Tash95
2 years, 2 months ago
I'd say answer is B You create a storage account through the control plane. You use the data plane to read and write data in the storage account. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane
upvoted 1 times
siuloongwoo
1 year, 10 months ago
So far what I've learned is, "read carefully". Question stated "read the storage accounts", not read the "data in" the storage accounts.
upvoted 7 times
...
...
udmraj
2 years, 2 months ago
Correct Answer : D
upvoted 1 times
...
AS179
2 years, 4 months ago
Selected Answer: D
D is correct
upvoted 3 times
...
Farooque
2 years, 8 months ago
All Answers are correct and regarding the last one, so Virtual Administrator can use for login and not resetting the password.
upvoted 2 times
...
Appuni
3 years ago
correct
upvoted 3 times
...
mayenite
3 years, 2 months ago
Correct
upvoted 12 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel