You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.
Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
User1 has been assigned two roles: 'Storage Blob Data Contributor' and 'Reader'. The 'Storage Blob Data Contributor' role grants User1 the ability to read, write, and delete blob data in the storage account, which means User1 can upload blob data to storageacct1234. The 'Reader' role, inherited from the resource group, enables User1 to view the resources within the storage account, including the blob data. Therefore, User1 can both upload blob data and view blob data in storageacct1234.
Correct Answer is:BD
For example, if you assign the Storage Blob Data Contributor role to user Mary at the level of a container named sample-container, then Mary is granted read, write, and delete access to all of the blobs in that container. However, if Mary wants to view a blob in the Azure portal, then the Storage Blob Data Contributor role by itself will not provide sufficient permissions to navigate through the portal to the blob in order to view it. The additional permissions are required to navigate through the portal and view the other resources that are visible there.
correct answers: BD
Storage Blob Data Contributor --> Read, write, and delete Azure Storage containers and blobs Reader --> View all resources, but does not allow you to make any changes Any permission has been granted at storage account level or file shares directly, so reading access to files share is not possible
Azure file shares are deployed into storage accounts so I think it is BDE.
E is not the answer. The Reader role only grants User1 the permission to view the properties and metadata of the storage account, not the data inside it.
This question was in exam 22/03/2024. My response BD
Was it correct?
Correct answer: B and D. Why? Here is the answer: User1 can perform the following two actions based on their assigned roles: Upload blob data to storageacct1234: User1 has been assigned the “Storage Blob Data Contributor” role for the storage account named storageacct1234. This role allows them to upload data to blob containers within that storage account. View blob data in storageacct1234: Additionally, User1 has the “Reader” role at the Resource group (inherited) scope. While this role doesn’t provide read permissions to data in Azure Storage, it does allow User1 to view storage account resources, including blob containers. Therefore, User1 can view blob data within the storageacct1234 storage account.
This question was in exam 01/03/2024
What’s the answer?
AE. Explanation for A Storage Blob Data Contributor: Read, write, and delete Azure Storage containers and blobs. Because Storage Blob Data Contributor can read/write(modify/edit) Azure storage containers, roles for containers can also be changed. Explanation for E. Reader: View all resources, but does not allow you to make any changes. Because you can view all resource inside of the RG, you can see Files Shares in the storage account. File Shares are resources. You WONT see the files/data inside of the File Shares. B. Incorrect: Storage Blob Data Contributor does not let you write/upload blob data. C. Incorrect: You know why. D: Incorrect: Reader lets you see resources only, not data. Storage Blob Data Contributor lets you see/edit blobs & storage containers only, it does not let you see data.
Wellp. You're wrong, and you admitted it in your explanation which is strange enough. Answer A is stating that the user could ASSIGN ROLES to other users. This is inherently wrong.
I cleared the exam today. This question was in my exam. Thanks ET and everyone. Most of the questions from ET.
It has to be B & D. The Reader role is scoped to resource group anyway
Was on exam 11/2 2024
read cannot read file share, because it have not any dataAction
ChatGPT4 says B&D
correct answers: BD
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage#storage-blob-data-contributor
B, D and E
User1 can perform the following two actions based on their assigned roles: Upload blob data to storageacct1234: User1 has been assigned the “Storage Blob Data Contributor” role for the storage account named storageacct1234. This role allows them to upload data to blob containers within that storage account. View blob data in storageacct1234: Additionally, User1 has the “Reader” role at the Resource group (inherited) scope. While this role doesn’t provide read permissions to data in Azure Storage, it does allow User1 to view storage account resources, including blob containers. Therefore, User1 can view blob data within the storageacct1234 storage account.
Correct Answer is:BD
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor