ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 16 question 3 discussion

Actual exam question from Microsoft's AZ-103
Question #: 3
Topic #: 16
[All AZ-103 Questions]

HOTSPOT -
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
✑ Can be assigned only to the resource groups in Subscription1
✑ Prevents the management of the access permissions for the resource groups
✑ Allows the viewing, creating, modifying, and deleting of resource within the resource groups
What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer: Explanation
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftresources
by pantcm at Sept. 14, 2019, 10:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pantcm
Highly Voted 5 years, 9 months ago
/resourceGroups and "Microsoft.Authorization/*"
upvoted 14 times
...
mileytores
Highly Voted 5 years, 7 months ago
"/Subscriptions/c276fc76-9cd4-44c9-99a7-ertert3453454353"/ResocurceGroups" "Microsoft.Authrorization" Es la correcta.
upvoted 13 times
...
Raj_az104
Most Recent 4 years, 2 months ago
Not able to see options for giving answers. Is website having some issues. I am using MSFT Edge Browser,
upvoted 2 times
...
anon1234
4 years, 12 months ago
Question 11 on this page: https://www.examtopics.com/exams/microsoft/az-103/view/3/ Box 1: /subscription/subscription id Box 2: Microsoft Authorization
upvoted 12 times
hstorm
4 years, 9 months ago
Box 1: /subscription/subscription id/resource groups/* And yes i know the "/*" is missing in question, but only solution that would restrict assignment to only resource groups. (Guess its a typo in the question)
upvoted 1 times
...
...
babablackship
5 years ago
I dont see Hot area in question and answer.
upvoted 2 times
...
Kallandor
5 years, 3 months ago
Can't see the answer area!
upvoted 10 times
1337Troll
5 years, 2 months ago
Take a look here: https://vceguide.com/what-should-you-specify-in-the-assignable-scopes-and-the-permission-elements-of-the-definition-of-cr1/
upvoted 9 times
...
...
uncleokon
5 years, 3 months ago
hmmm i am not sure of the answer
upvoted 2 times
...
Janoloco9
5 years, 3 months ago
References: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftresourc
upvoted 1 times
...
luckio
5 years, 4 months ago
Step by step: $role = (Get-AzRoleDefinition -Name “Reader”) $role.Name = “CR1” $role.Id = $null $role.Actions.Clear() $role.Actions.Add(“*”) $role.NotActions.Clear() $role.NotActions.Add(“Microsoft.Authorization/*/Delete”) $role.NotActions.Add(“Microsoft.Authorization/*/Write”) $role.NotActions.Add(“Microsoft.Authorization/elevateAccess/Action”) $role.AssignableScopes.Clear() $role.AssignableScopes.Add(“/Subscriptions/ c276fc76-9cd4-44c9-99a7-4fd71546436e”) New-AzRoleDefinition -Role $role
upvoted 1 times
...
Ilocana
5 years, 4 months ago
Where is Answer Area?
upvoted 7 times
luckio
5 years, 4 months ago
My response is for Cloud Shell or Power Shell
upvoted 1 times
...
...
marek76
5 years, 6 months ago
JSON template should look like something like this: ... { "Name": "CR1", "Id": "88888888-8888-8888-8888-888888888888", "IsCustom": true, "Description": "CR1", "Actions": [ "*" ], "NotActions": [ "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write", "Microsoft.Authorization/elevateAccess/Action" ], "DataActions": [], "NotDataActions": [], "AssignableScopes": [ "/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546436e/resourceGroups" ] }
upvoted 9 times
...
Marz
5 years, 7 months ago
"/subscriptions/{subscriptionId1}" is used to scope the role https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/role-based-access-control/role-definitions.md#assignablescopes
upvoted 1 times
...
Marz
5 years, 7 months ago
agree with pantcm. but /Resourcegroups, should be actions:* and Microsoft.Authorization a notactions https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/role-based-access-control/role-definitions.md#role-definition-structure
upvoted 2 times
...
Marz
5 years, 7 months ago
think also need AssignableScopes to restrict to a scope https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/role-based-access-control/role-definitions.md#assignablescopes
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel