Assigning Built-in Role for Running Experiments on Azure ML Workspace

Correct Answer: C.

Option A is incorrect because the Owner role has full access to the workspace including creating and deleting any assets.

This is the highest privilege on the workspace and it should not be granted to a wider group of users.

Option B is incorrect because assignees to the Reader role cannot create or update any assets within the workspace.

Option C is CORRECT because it is the Contributor role that gives access to the necessary assets for the users who need to run experiments, while keeping their privileges as limited as possible.

Option D is incorrect because “Writer” is not a valid built-in role in Azure ML.

Reference:

The appropriate built-in role for this scenario is the "Reader" role.

Here's why:

Azure provides four built-in roles that you can assign to users or groups to manage access to machine learning resources within a workspace. These roles are:

1. Owner - this role has full access to all resources within a workspace, including the ability to modify role assignments.

2. Contributor - this role can create and manage resources within a workspace, but cannot modify role assignments.

3. Reader - this role can view resources within a workspace, but cannot create or modify resources, or modify role assignments.

4. Writer - this role can create and manage resources within a workspace, but cannot modify role assignments or access keys.

In the scenario described in the question, the users need to be able to run experiments, which implies that they need to be able to create and manage resources within the workspace. However, the question also states that the users must not be able to modify role assignments.

Given these requirements, the appropriate role to assign to the users is the "Reader" role. This role allows users to view resources and run experiments, but does not grant them the ability to create or modify resources or modify role assignments.

Therefore, the correct answer is B. Reader.