Learn the key differences between workspace-centric and resource-centric access modes in Azure Monitor. Understand how these modes impact log access, permissions, and user roles for effective Azure resource management.
Question
What is the difference between workspace-centric and resource-centric access modes?
A. Workspace-centric access modes are intended for administrators who need to configure data collection. Resource-centric access modes are intended for administrators of Azure resources being monitored.
B. In workspace-centric access modes, a user can view logs for only that resource in all tables they have access to. In resource-centric access modes a user can view all logs in the workspace that they have permissions to view.
C. Workspace-centric access modes are intended for administrators of Azure resources being monitored. Resource-centric access modes are intended for administrators who need to configure data collection.
D. In workspace-centric access modes, a user can view all logs in the workspace that they have permissions to access. In resource-centric access modes, a user can view logs for only the resources that they have access to.
Answer
D. In workspace-centric access modes, a user can view all logs in the workspace that they have permissions to access. In resource-centric access modes, a user can view logs for only the resources that they have access to.
Explanation
In Azure Monitor’s Log Analytics, workspace-centric and resource-centric access modes define how users interact with logs based on their permissions and the scope of their queries:
Workspace-Centric Access Mode
- Scope: Users can query all logs within a Log Analytics workspace, provided they have the necessary permissions for the workspace.
- Permissions: Access is determined by permissions granted at the workspace level. Users need explicit permissions to the workspace or specific tables within it.
- Use Case: Ideal for central administrators managing multiple resources or users needing broad access across various logs. This mode is also required when accessing logs for resources outside of Azure.
- Example: A user with access to a workspace can query logs from all resources sending data to that workspace.
Resource-Centric Access Mode
- Scope: Users can only query logs related to specific resources, resource groups, or subscriptions they have been granted access to.
- Permissions: Permissions are tied to the Azure resources themselves (e.g., read access). Workspace-level permissions are not required in this mode.
- Use Case: Designed for application teams or DevOps teams focusing on specific resources without needing visibility into unrelated data.
- Example: A user accessing logs via a resource menu in Azure Monitor will only see logs for that resource.
By understanding these distinctions, administrators can configure log access appropriately for different user roles and use cases, ensuring both security and efficiency in monitoring Azure resources
Developing Microsoft Azure AI Solutions skill assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Developing Microsoft Azure AI Solutions exam and earn Developing Microsoft Azure AI Solutions certification.