Roles for Creating Resource Exemption in Azure Security Center

Correct Answers: B and D Option B & D are correct.

To create a resource exemption in ASC, your user account needs to be granted elevated access rights, such as Owner or contributor.

Option A & C are incorrect.

These roles don't have rights to exempt resources.

Reference:

The two roles that allow you to create a resource exemption in Azure Security Center are:

1. Security Admin: This role is responsible for managing security-related tasks in Azure. Security Admins have full control over Security Center settings and can create and manage resource exemptions.

2. Resource Policy Contributor: This role allows users to manage policies and initiatives in Azure. Resource Policy Contributors can create, update, and delete policies, as well as assign them to scopes. They can also create and manage resource exemptions.

Owners and Security Readers do not have the ability to create resource exemptions in Azure Security Center.

• Owner: This role has full access to all resources in the subscription and can manage access to resources. However, it does not have any specific security-related permissions in Security Center.

• Security Reader: This role is a read-only role that allows users to view security-related information in Security Center, but does not provide the ability to create or manage resource exemptions.