Skip to Content

AZ-104: How to understand inheritance order for scope in Azure

By: Author Alex Lim

Posted on

Categories Exam

Learn how to understand inheritance order for scope in Azure and why it is important for role-based access control and Azure Policy.

Table of Contents

Question

What is the inheritance order for scope in Azure?

A. Management group, Resource group, Subscription, Resource
B. Management group, Subscription, Resource group, Resource
C. Subscription, Management group, Resource group, Resource
D. Subscription, Resource group, Management group, Resource

Answer

B. Management group, Subscription, Resource group, Resource

Explanation

The inheritance order for scope is Management group, Subscription, Resource group, Resource. For example, if you assigned a Contributor role to a group at the Subscription scope level, it will be inherited by all Resource groups and Resources.

  • Scope is the set of resources that access applies to in Azure. Scope can be specified at four levels: management group, subscription, resource group, and resource. Each level of hierarchy makes the scope more specific. Lower levels inherit role permissions from higher levels.
  • Management group is the broadest (least specific) scope level that contains subscriptions and other management groups. Subscription is the next level that contains resource groups and resources. Resource group is the level that contains resources of the same type or purpose. Resource is the most specific (narrowest) scope level that represents an individual Azure service or component.
  • Therefore, the inheritance order for scope in Azure is from management group to subscription, from subscription to resource group, and from resource group to resource.

A is incorrect because the inheritance order for scope is Management group, Subscription, Resource group, Resource. For example, if you assigned a Contributor role to a group at the Subscription scope level, it will be inherited by all Resource groups and Resources.
C is incorrect because the inheritance order for scope is Management group, Subscription, Resource group, Resource. For example, if you assigned a Contributor role to a group at the Subscription scope level, it will be inherited by all Resource groups and Resources.
D is incorrect because the inheritance order for scope is Management group, Subscription, Resource group, Resource. For example, if you assigned a Contributor role to a group at the Subscription scope level, it will be inherited by all Resource groups and Resources.

Microsoft Azure Administrator AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure Administrator AZ-104 exam and earn Microsoft Azure Administrator AZ-104 certification.