What are roles that allow you to manage regulatory compliance standards?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answers: A and C.
Option A & C are correct.
The minimum set of roles for accessing the dashboard and managing standards is Resource Policy Contributor and Security Admin.
Option B & D are incorrect.
To view compliance data, you need to have at least Reader access to the policy compliance data as well; so Security Reader or assessment alone won't suffice.
Reference:
Out of the given options, the role that allows you to manage regulatory compliance standards is the Security Admin role.
Explanation: Regulatory compliance standards are requirements that organizations must meet to comply with laws, regulations, and standards. Meeting these standards is essential to ensure that organizations are protecting sensitive data, preventing breaches, and avoiding legal and financial penalties.
In Azure, regulatory compliance standards can be managed using the Azure Policy service. Azure Policy is a service that allows administrators to create, assign, and manage policies that enforce different rules and effects over resources in Azure. Policies can be used to ensure that resources are compliant with regulatory standards, such as HIPAA, GDPR, and PCI DSS.
To manage regulatory compliance standards using Azure Policy, you need to have the appropriate roles and permissions. The Security Admin role is one of the roles that can manage regulatory compliance standards. This role allows administrators to manage security-related resources in Azure and to access security-related features and tools, including Azure Policy.
The Security Reader role is a more limited role that allows users to view security-related resources but not to modify them. The Resource Policy Contributor role allows users to create and manage policies but not to manage security-related resources. Finally, the Security Assessment role is a role specific to Azure Security Center that allows users to perform security assessments on resources but does not give them permission to manage policies or security-related resources.
Therefore, the correct answer to the given question is A. Security Admin.