Microsoft AZ-104: What Azure Roles Allow Conditional Access to Blob Data in Storage Account?

Learn which Azure roles, such as Storage Blob Data Contributor and Storage Blob Data Owner, enable you to assign conditional access to blob data within an Azure storage account.

Question

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains blob data.

You need to assign a role to a user named User1 to ensure that the user can access the blob data in storage1. The role assignment must support conditions.

Which two roles can you assign to User1? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. Owner
B. Storage Account Contributor
C. Storage Account Backup Contributor
D. Storage Blob Data Contributor
E. Storage Blob Data Owner
F. Storage Blob Delegator

Answer

The two roles that allow you to assign a user access to blob data in an Azure storage account, while also supporting conditions, are:

D. Storage Blob Data Contributor
E. Storage Blob Data Owner

Explanation

The Storage Blob Data Contributor role allows a user to read, write and delete Azure Storage blob containers and blobs. It also supports assigning conditions to further restrict access.

The Storage Blob Data Owner role allows a user full access to Azure Storage blob containers and data, including assigning POSIX access control. It too supports conditional assignment.

The other roles mentioned are not suitable because:

A. Owner – Provides full access to all resources in the subscription, not just the storage account. Overkill for this requirement.

B. Storage Account Contributor – Allows managing the storage account itself, but does not provide access to the data within it.

C. Storage Account Backup Contributor – Allows backup and restore of the storage account, but does not grant data access.

F. Storage Blob Delegator – Allows a user to assign permissions to others, but does not itself grant blob data access.

Therefore, the Storage Blob Data Contributor and Storage Blob Data Owner roles are the appropriate choices to conditionally grant a user access to blob data in the storage1 account.
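As an added illustration (not part of the original question or its reference material), the following Azure CLI sketch assigns Storage Blob Data Contributor to User1 on storage1 with a condition that limits blob reads to one container. The container name `container1`, the sign-in name `user1@example.com`, and the subscription and resource group placeholders are assumptions; the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: conditional (ABAC) role assignment for blob data.
# All concrete names below are assumed placeholders, not values from the page.

# Data action that the condition targets (reading a blob).
READ_ACTION='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'

# Build a condition that permits blob reads only in the named container.
# Actions other than blob read are not restricted by the condition and
# remain governed by the role's own permissions.
build_condition() {
  container="$1"
  # Accept only lowercase letters, digits and hyphens, so the name cannot
  # break out of the quoted string inside the condition.
  case "$container" in
    ''|*[!a-z0-9-]*) echo "invalid container name" >&2; return 1 ;;
  esac
  printf "((!(ActionMatches{'%s'})) OR (@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:name] StringEquals '%s'))" \
    "$READ_ACTION" "$container"
}

# Create the role assignment with the condition attached.
assign_with_condition() {
  assignee="$1"; scope="$2"
  condition="$(build_condition "$3")" || return 1
  az role assignment create \
    --role "Storage Blob Data Contributor" \
    --assignee "$assignee" \
    --scope "$scope" \
    --condition "$condition" \
    --condition-version "2.0"
}

# Usage (placeholders are assumptions):
# assign_with_condition "user1@example.com" \
#   "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/storage1" \
#   "container1"
```

After the assignment is created, `az role assignment list --assignee <user> --scope <scope>` shows the stored `condition` and `conditionVersion` fields, which is a quick way to confirm the restriction was applied.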