Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Project1. Only a group named Project1admins is assigned roles in the Project1 subscription. The Project1 subscription contains all the resources for an application named Application1.
Your company is developing a new application named Application2. The members of the Application2 development team belong to an Azure Active Directory
(Azure AD) group named App2Dev.
You identify the following requirements for Application2:
-> The members of App2Dev must be prevented from changing the role assignments in Azure.
-> The members of App2Dev must be able to create new Azure resources required by Application2.
-> All the required role assignments for Application2 will be performed by the members of Project1admins.
You need to recommend a solution for the role assignments of Application2.
Solution: Create a new Azure subscription named Project2. Assign Project1admins the Owner role for the Project2 subscription. Assign App2Dev the Contributor role for the Project2 subscription.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.A
The proposed solution of creating a new Azure subscription named Project2, assigning Project1admins the Owner role for the Project2 subscription, and assigning App2Dev the Contributor role for the Project2 subscription meets the specified requirements for Application2.
Explanation:
The requirements state that the members of App2Dev must be prevented from changing the role assignments in Azure. By assigning the Contributor role to App2Dev in the new subscription, they will have the ability to create and manage resources for Application2 but will not have permissions to modify role assignments in Azure.
The requirements also state that the members of App2Dev must be able to create new Azure resources required by Application2. By assigning the Contributor role to App2Dev, they will have the necessary permissions to create and manage resources for Application2 in the new subscription.
Lastly, the requirements state that all the required role assignments for Application2 will be performed by the members of Project1admins. By assigning the Owner role to Project1admins in the new subscription, they will have full access to manage and control all resources within the new subscription, including the ability to perform role assignments for Application2.
Therefore, the proposed solution meets all of the specified requirements and is a valid recommendation for the role assignments of Application2. The correct answer is A. Yes.