B) "Storage Blob Data Contributor" & C) "Reader" The following line says it all: "The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. It does not provide read permissions to data in Azure Storage, but only to account management resources. The Reader role is necessary so that users can navigate to blob containers in the Azure portal. For example, if you assign the Storage Blob Data Contributor role to user Mary at the level of a container named sample-container, then Mary is granted read, write, and delete access to all of the blobs in that container. However, if Mary wants to view a blob in the Azure portal, then the Storage Blob Data Contributor role by itself will not provide sufficient permissions to navigate through the portal to the blob in order to view it. The additional permissions are required to navigate through the portal and view the other resources that are visible there." - https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

TESTED IN LAB: Assigning the Storage Account Contributor and Storage Blob Data Reader rolls to the group and having the user (which is a part of that group) sign in to the portal, the storage account isn't even listed under storage accounts. After removing the Storage Blob Data Reader and assigning the Reader roll to the group, the storage account is listed and the users of the group can creat blobs/fileshares etc. ANSWER: BC

B and C is correct

B) "Storage Blob Data Contributor" & C) "Reader"

BC is right answer!! Get Up-to-date: https://www.pinterest.com/pin/937522847419095399

This was on my exam. Most likely the correct answer is provided by NaoVaz.

B, C is correct!

ebanie

Answer is BC

To ensure that members of Group1 can upload files using the Azure portal while adhering to the principle of least privilege, you need to assign roles that give them just enough permissions to perform the task without any extraneous permissions. B. `Storage Blob Data Contributor`: This role allows for reading, writing, and deleting Azure Storage blobs (object data). This role is necessary for members to be able to upload files. C. `Reader`: This role gives the user read access to see the storage account and its properties but doesn't allow for any modifications. This role would be needed to navigate to the storage account in the Azure portal. Assigning these roles should give Group1 members the ability to upload files to the storage account via the Azure portal without giving them more permissions than they need.

You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. Files is clearly mentioned in the question, by selecting 'Storage Blob Data Contributor' your scope is limited to only containers & blobs. So, in my opinion A & C are the correct options.

Question is still relevant, came on exam today

To Browse the Storage Account in Azure Portal, the Reader role is required

Azure Storage account named storage1- can have BLOB , FILE , TABLE and QUEUE types For Uploading files to BLOB need write permission so with least privilege - Storage Blob Data Contributor will be sufficient , Storage Blob Data Reader is needed

B,C Explanation: To access blob data in the Azure portal with Azure AD credentials, a user must have the following role assignments: * A data access role, such as Storage Blob Data Reader or Storage Blob Data Contributor* The Azure Resource Manager Reader role, at a minimum The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. It does not provide read permissions to data in Azure Storage, but only to account management resources. The Reader role is necessary so that users can navigate to blob containers in the Azure portal. Note: in order from least to greatest permissions: The Reader and Data Access role -The Storage Account Contributor role The Azure Resource Manager Contributor role The Azure Resource Manager Owner role

B, C: Blog Data Contributor & Blob Data Reader

If we read the following link https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles •A:Storage Account Contributor Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. •B:Storage Blob Data Contributor Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Correct Answer: B