Viewing Access in Azure Virtual Desktop Deployment | RBAC Roles

Allowing Users to View Everything in Azure Virtual Desktop Deployment without Making Changes

Prev Question Next Question

Question

You need to allow one of the users to view everything in the deployment but not make any changes.

Which of the following RBAC roles would you provide? (Select the most appropriate option)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B

The Desktop Virtualization Reader is the specific role that allows you to view everything in the deployment but not make any changes.

© Exclude files: ° 000000000000 s4ProgramFiles?é\FSLogix\Apps\frxdrv sys séProgramFiles%é\FSLogix\Apps\frxdrwvt.sys s4ProgramFiles%4\FSLogix\Apps\frxccd.sys S4TEMP%\*.VHD S6TEMP%\*.VHDX 4Windir%\TEMP\SVHD Windir%\TEMP\*.VHDX \\storageaccount file.core.windows.net\share\*.VHD. \\storageaccount file.core. windows.net\share\* VHDX séProgramData%\FSLogix\Cache\*.VHD (additional - only if you use Cloud Cache) ‘séProgramData%\FSLogix\Cache\*.VHDX (additional - only if you use Cloud Cache) S6ProgramData%\FSLogix\Proxy\*.VHD (additional - only if you use Cloud Cache) S6ProgramData%\FSLogix\Proxy\*. VHDX (additional - only if you use Cloud Cache) + Exclude processes: ° ° ° S6ProgramFiles?%\FSLogix\Apps\fnxccd.exe SéProgramFiles?é\FSLogix\Apps\frxceds.exe %4ProgramFiles%\FSLogix\Apps\frxsvc.exe

Option A is incorrect.

The Desktop Virtualization Contributor role will allow the user to manage all aspects of the deployment.

Option B is correct.

The Desktop Virtualization Reader is the specific role that allows you to view everything in the deployment but not make any changes.

Option C is incorrect.

Host Pool Reader will allow the user to see everything in the host pool.

Option D is incorrect.

Application Group Reader should be assigned if you want the user to get access to information about the various applications in the workspace.

To know more about Built-in roles for Azure Virtual Desktop, please visit the below-given link:

The RBAC (Role-Based Access Control) feature in Azure Virtual Desktop (AVD) enables you to manage permissions for various resources, including desktops, applications, host pools, and other components of an AVD deployment.

To allow a user to view everything in an AVD deployment but not make any changes, you should provide the "Desktop Virtualization Reader" role. This role provides read-only access to all the resources in an AVD deployment, allowing users to view settings and configurations but not modify them.

Let's go through the options to understand why "Desktop Virtualization Reader" is the most appropriate option:

A. Desktop Virtualization Contributor: This role provides the ability to manage and configure all resources in an AVD deployment, including creating and deleting resources. It is not appropriate for a user who should only be able to view resources.

B. Desktop Virtualization Reader: This role provides read-only access to all resources in an AVD deployment, allowing users to view settings and configurations but not modify them. This is the most appropriate role for a user who should be able to view everything but not make any changes.

C. Desktop Virtualization Host Pool Reader: This role provides read-only access to a specific host pool in an AVD deployment, allowing users to view settings and configurations for that host pool only. It is not appropriate for a user who needs to view everything in the deployment.

D. Desktop Virtualization Application Group Reader: This role provides read-only access to a specific application group in an AVD deployment, allowing users to view settings and configurations for that application group only. It is not appropriate for a user who needs to view everything in the deployment.

Therefore, "Desktop Virtualization Reader" is the most appropriate option for allowing a user to view everything in the deployment but not make any changes.

Prev Question Next Question