You have an Azure subscription. You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account. Which property of the RBAC role definition should you configure?
ARM templates provide 5 arrays to assign RBAC roles to Azure resources:
actions[], notActions[], dataActions[], notDataActions[], and assignableScopes[].
The actions[] array grants explicit access to specified operations, while the notActions[] array explicitly denies certain operations within the allowed actions (e.g., granting read access to storage but explicitly denying delete access).
The assignableScopes[] array defines where these roles can be assigned, such as management groups, subscriptions, resource groups, or specific resources.
I don't think this is correct, Look at the Alice & Bob Diagram shown here. You can clearly see Bob has access to the storage account in the Actions category - https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
The Actions permission specifies the management operations that the role allows to be performed. It is a collection of operation strings that identify securable operations of Azure resource providers (in this case it is Microsoft.Storage).
The DataActions permission specifies the data operations that the role allows to be performed to your data within that object.
Correct answer is D - Action[]
D is the right answer.
Role-based access control for control plane actions is specified in the Actions and NotActions properties of a role definition. Here are some examples of control plane actions in Azure:
Manage access to a storage account
Create, update, or delete a blob container
Delete a resource group and all of its resources
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions#control-and-data-actions
Answer = B
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute
I'd say answer is B
You create a storage account through the control plane. You use the data plane to read and write data in the storage account.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane
This section is not available anymore. Please use the main Exam Page.AZ-500 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
milind8451
Highly Voted 4 years, 2 months ago153a793
7 months agousit
3 years, 5 months agoteehex
Highly Voted 3 years, 11 months agopentium75
Most Recent 9 months, 1 week agoESAJRR
1 year, 7 months agoicebw22
2 years, 1 month agomajstor86
2 years, 2 months agotblazeen
2 years, 7 months agoSiphe
2 years, 8 months agoIvanvazovv
2 years, 8 months agoAlessandro365
2 years, 10 months agoEltooth
3 years, 1 month agoTash95
3 years, 2 months agosiuloongwoo
2 years, 10 months agoudmraj
3 years, 2 months agoAS179
3 years, 4 months agoFarooque
3 years, 8 months agoAppuni
4 years, 1 month agomayenite
4 years, 2 months ago