Microsoft Azure Administrator Associate AZ-104 Practice Question
A user reports they can manage virtual machines in a resource group, but they have not been assigned any roles at that resource group level. As an Azure administrator, how can you identify the permissions that grant the user this access?
Review the Azure Entra ID roles assigned to the user
Examine the activity log for role assignment changes
Create an access review for the resource group
Use the Check access feature in Access Control (IAM) to view the user's role assignments
To identify how the user has these permissions, you should use the Check access feature in the Access Control (IAM) blade for the resource group. This feature allows you to view all the role assignments for the user, including those inherited from higher scopes like the subscription or management group. By examining the user's access, you can determine which roles are granting the permissions and at what scope. Reviewing Azure Entra ID roles or creating an access review wouldn't provide information about resource-level permissions. The activity log shows changes but doesn't display inherited role assignments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Check access feature in Access Control (IAM)?
Open an interactive chat with Bash
What are role assignments in Azure, and how do they work?
Open an interactive chat with Bash
What is the difference between Azure Entra ID roles and Azure roles?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Manage Azure identities and governance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access