Learn how to create custom roles in Azure AD to finely tune and delegate permissions. Discover where and how you can effectively employ custom roles for enhanced security and access control.
Table of Contents
Question
You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contosos.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?
A. contoso.com only
B. contoso.com and RGT only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subcription1
Answer
D. contoso.com, RG1, and Subcription1
Explanation
A custom role is a role that you create to define your own set of permissions for Azure resources. You can assign custom roles to users, groups, and service principals at different levels of scope, such as management group, subscription, resource group, or resource. Custom roles are stored in an Azure Active Directory (Azure AD) tenant and can be shared across subscriptions that trust the same tenant.
In this case, the custom role named Role1 is created for the Azure AD tenant named contoso.com. This means that Role1 can be used for permission delegation within contoso.com and any subscriptions or resource groups that belong to contoso.com. Therefore, you can use Role1 for permission delegation in contoso.com, Subscription1, and RG1.
Reference
- Azure > Role-based access control > Azure custom roles
The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
