Microsoft Azure Security Technologies (AZ-500)

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

When creating a custom role-based access control (RBAC), which property must you configure to read an Azure Storage account?

  1. NotActions []

  2. DataActions []

  3. AssignableScopes []

  4. Actions []

The correct answer is: Actions []

To read an Azure Storage account when creating a custom role-based access control (RBAC), the property that must be configured is the Actions property. This property defines the operations that users assigned to the role are allowed to perform on Azure resources. In the context of Azure Storage, to enable read access, the appropriate actions related to reading data, such as "Microsoft.Storage/storageAccounts/read" and potentially others that pertain to reading blob or file data, need to be included within the Actions property. These actions specify the permissions granted to users under this role. Other properties like NotActions are used to explicitly deny certain actions even if they are generally allowed by other roles. DataActions, on the other hand, are utilized for actions that specifically pertain to data plane operations but are not used to define basic permissions like reading a storage account. AssignableScopes is a property that identifies where the custom role can be assigned, such as at the subscription or resource group level, but does not define what actions the role allows. Thus, the Actions property is essential for specifying the permissions required to read from Azure Storage accounts.

More Questions Like This