You have an Azure App Service plan named AdatumASP1 that uses the P2v2 pricing tier. AdatumASP1 hosts Ml Azure web app named adatumwebapp1. You need to delegate the management of adatumwebapp1 to a group named Devs.
Devs must be able to perform the following tasks:
• Add deployment slots.
• View the configuration of AdatumASP1.
• Modify the role assignment for adatumwebapp1.
Which role should you assign to the Devs group?
A . Owner
B . Contributor
C . Web Plan Contributor
D . Website Contributor
Answer: A
Explanation:
Owner: Correct Choice
The Owner role lets you manage everything, including access to resources.
Contributor: Incorrect Choice
With contributor role you can Add deployment slots and View the configuration of App service plan but you can’t Modify the role assignment. For this you need User Access Administrator or Owner role. So this is incorrect.
Web Plan Contributor: Incorrect Choice
The Web Plan Contributor role lets you manage the web plans for websites, but not access to them. So this option is incorrect.
Website Contributor: Incorrect Choice
The Website Contributor role lets you manage websites (not web plans), but not access to them.
So this is incorrect option.
Note:
As per least privilege principle it is not advisable to provide owner role to any group, rather you should create custom RBAC role with custom policy and use that role for this operation. However as this option is not available here so only option to go with owner role.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Leave a Reply