You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
-> Reader
-> Security Admin
-> Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.A
The correct answer is B. Assign User1 the Network Contributor role for VNet1.
Explanation:
The Reader role assigned to User1 only grants read-only access to resources. Therefore, User1 cannot assign roles to other users.
Option A is incorrect because assigning User1 the Owner role for VNet1 would give the user complete control over the virtual network, which is not necessary for the required scenario. Additionally, it is not recommended to assign the Owner role to users unless it is absolutely necessary.
Option C is incorrect because assigning User1 the Contributor role for Subscription1 would allow the user to modify any resource in the subscription, not just VNet1. Additionally, removing User1 from the Security Reader role may impact their ability to view security-related information in the subscription.
Option D is also incorrect because removing User1 from the Reader role would revoke their read-only access to resources, which is not desired in the scenario.
Therefore, the best option is to assign User1 the Network Contributor role for VNet1. This role allows the user to manage virtual networks, but not other resources in the subscription, and enables them to assign the Reader role to other users for VNet1.