AZ-103 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-103 Exam - Question 209

HOTSPOT -

You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.

You need to create a custom RBAC role named CR1 that meets the following requirements:

✑ Can be assigned only to the resource groups in Subscription1

✑ Prevents the management of the access permissions for the resource groups

✑ Allows the viewing, creating, modifying, and deleting of resource within the resource groups

What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Show Answer
Correct Answer:

To create a custom RBAC (Role-Based Access Control) role named CR1 that meets the specified requirements, the following must be defined: In the assignable scopes, you should specify '/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546436e/resourceGroups'. This restricts the role to only allowing assignments within the resource groups of Subscription1. Additionally, in the permissions element, you need to specify the actions to allow viewing, creating, modifying, and deleting resources, which can be done using 'Microsoft.Resources/*'. To prevent the management of access permissions for the resource groups, you should explicitly deny 'Microsoft.Authorization/*'. Therefore, the correct selections are: 1. Assignable scopes: '/subscriptions/c276fc76-9cd4-44c9-99a7-4fd71546436e/resourceGroups' 2. Permissions: 'Microsoft.Resources/*' excluding 'Microsoft.Authorization/*'.

Discussion

4 comments
Sign in to comment
certificatores
Mar 29, 2020

https://www.examtopics.com/exams/microsoft/az-103/view/3/

ExamGuy01
May 28, 2020

thanks!

praveen97
Jul 5, 2020

'/subscriptions/SubscriptionID/resourceGroups/' will give error since it is looking for a specific resource group name here. First answer should be /subscriptions/SubscriptionID Second answer is correct. It is Microsoft.Authorization/*

jonnybugaloo
Jun 5, 2020

Image: https://www.examtopics.com/assets/media/exam-media/03048/0001200001.png Answer: https://www.examtopics.com/assets/media/exam-media/03048/0001300001.png

Eggsamine
Jul 24, 2020

Repeat of Topic 1, question 11: https://www.examtopics.com/exams/microsoft/az-103/view/3/

Pradh
Jan 9, 2022

some people BARK in comment section with so much confidence. 1st answer is CORRECT .Since i cannot attach screen shot , i am pasting the portal data below. Create a custom role Basics Permissions Assignable scopes JSON Review + create Add assignable scopes Click Add assignable scopes to select the scopes (management groups, subscriptions, or resource groups) where this role will be available for assignment. Your role must have at least one assignable scope. Learn more Assignable scope Type /subscriptions/447fe710-e767-4117-9ed5-5b6ef9f6e786/resourceGroups/rg Resource group