Setting Access Permissions for Supervisor in Azure Stack Hub | Microsoft Exam AZ-600

Assigning Roles for Supervisor in Azure Stack Hub | Access Permissions Guide

Question

You are responsible to set the access permissions for different users in your company.

Your company hires a new Supervisor to successfully manage the multitenant AZ Stack Hub Integrated System.

You need to set the access permission for the Supervisor keeping in mind that he should be capable of monitoring the status of backups, creating and managing the offers and plans, and accessing the resources.

Which of the following role would you assign to the Supervisor?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

Correct Answer: C

With the owner role, the user is capable of managing everything including access to the resources.

Option A is incorrect.

With the Reader role, the supervisor would be able to view everything but change nothing.

Option B is incorrect.

With the contributor role, the supervisor would be capable of managing anything but no access to the resources.

Option C is correct.

With the Owner role, the supervisor can manage everything, including access to the resources.

Option D is incorrect.

The custom role should be assigned if the user needs to be given limited and specific access to the resources.

Option E is incorrect.

The administrator is not a valid role in setting access permissions using role-based access control.

To know more about setting access permissions using role-based access control, please visit the below-given link:

Based on the given scenario, the appropriate role that can be assigned to the Supervisor is Contributor.

Here's why:

  • Reader role: This role is designed to provide only read-only access to the resources in the Azure Stack Hub. A user with this role can only view the resources and their settings but cannot make any changes or updates to them. Hence, it won't be suitable for the Supervisor as he needs to create and manage offers and plans.
  • Contributor role: This role allows the user to manage the resources but not the access to them. A user with this role can create and manage resources such as virtual machines, storage accounts, and networks, which makes it ideal for the Supervisor to perform the required tasks of creating and managing offers and plans, monitoring backups and accessing resources.
  • Owner role: This role provides full control over the resources including the ability to manage access to them. This role is generally assigned to the resource owner who is responsible for managing the resource. As the Supervisor is only responsible for managing the multitenant AZ Stack Hub Integrated System and not the entire resource group, assigning the Owner role would be too broad and could cause potential security risks.
  • Custom role: This role allows the user to define specific permissions that are not covered by the built-in roles. Since the required permissions for the Supervisor are already covered by the Contributor role, creating a custom role would be unnecessary and could potentially introduce additional complexity.
  • Administrator role: This role is intended for managing the Azure Stack Hub infrastructure and has access to all the resources in the system. Assigning this role to the Supervisor would be too powerful and could lead to unintended consequences such as accidental deletion of resources.

Therefore, the Contributor role is the most suitable option for the Supervisor in this scenario as it provides the necessary access and permissions to manage resources and create/manage offers and plans while keeping the access level appropriately restricted.