Microsoft Azure Administrator Associate AZ-104 Practice Question
An organization wants its users to access Azure Blob storage using their corporate credentials. Users should be able to read and write blobs but must not be able to delete any blobs. How can you configure the storage account to meet these requirements?
Create a custom role with read and write permissions and assign it to the users.
Enable identity-based access on the storage account.
Assign the 'Storage Blob Data Reader' role to the users.
Assign the 'Storage Blob Data Contributor' role to the users.
To grant users the ability to read and write blobs without delete permissions, you need to create a custom role that includes the read and write actions but excludes the delete action. Assigning this custom role to the users via role-based access control (RBAC) ensures they have the exact permissions required. The built-in Storage Blob Data Contributor role grants read, write, and delete permissions, which is more than what's needed. The Storage Blob Data Reader role only allows reading blobs, not writing them. Enabling identity-based access does not address the specific permission settings required in this scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is role-based access control (RBAC) in Azure?
Open an interactive chat with Bash
What is a custom role in Azure, and why would I create one?
Open an interactive chat with Bash
How do I create a custom role in Azure?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access