Learn how to understand role definitions in Azure and the difference between role definitions, role assignments, and security principals.
Table of Contents
Question
What is a role definition in Azure?
A. A collection of permissions with a name that is assignable to a user, group, or application
B. The collection of users, groups, or applications that have permissions to a role
C. The binding of a role to a security principal at a specific scope, to grant access
Answer
A. A collection of permissions with a name that is assignable to a user, group, or application
Explanation
A role definition in Azure is a collection of permissions with a name that you can assign to a user, group, or application.
- A role definition is a collection of permissions that can be performed, such as read, write, and delete. It’s typically just called a role. Azure role-based access control (Azure RBAC) has several Azure built-in roles or you can create your own custom roles.
- The collection of users, groups, or applications that have permissions to a role is called a role assignment. A role assignment is the binding of a role to a security principal at a specific scope, to grant access. A security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources.
- Therefore, option A is the correct definition of a role definition in Azure.
B is incorrect because you can view role assignments to see the list of users, groups, or applications that have permissions to a role.
C is incorrect because a role assignment is the process of binding a role to a security principal at a particular scope, for the purpose of granting access.
Microsoft Azure Administrator AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure Administrator AZ-104 exam and earn Microsoft Azure Administrator AZ-104 certification.