HOTSPOT
A company uses Azure for several virtual machine (VM) and website workloads. The company plans
to assign administrative roles to a specific group of users. You have a resource group named
GROUP1 and a virtual machine named VM2.
The users have the following responsibilities:
You need to assign the appropriate level of privileges to each of the administrators by using the
principle of least privilege.
What should you do? To answer, select the appropriate target objects and permission levels in the
answer area.
Explanation:
* Owner can manage everything, including access.
* Contributors can manage everything except access.
Note: Azure role-based access control allows you to grant appropriate access to Azure AD users,
groups, and services, by assigning roles to them on a subscription or resource group or individual
resource level.Role-based access control in the Microsoft Azure portal
http://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/
Following principle of least privilege, User 2 only needs to be a reader to prepare reports?
User 1 – VM2 – OWNER
User 2 – SUBSCRIPTION – READER
User 3 – GROUP1 – CONTRIBUTOR