Learn how to follow the principle of least privilege when granting Azure Pipelines permissions. See an example of providing stage-level access to allow a user to delete a temporary stage after testing is complete.
Table of Contents
Question
You have an Azure Pipelines pipeline named Pipeline1 and a user named User1. Pipeline1 contains a temporary final stage named final1.
You need to ensure that User1 can delete final1 when testing is complete. The solution must follow the principle of least privilege.
At which level should you grant permissions to User1?
A. pipeline
B. organization
C. stage
D. project
Answer
C. stage
Explanation
To ensure User1 can delete the temporary final stage named final1 in the Azure Pipelines pipeline Pipeline1 once testing is finished, while following the principle of least privilege, you should grant permissions to User1 at the stage level (Choice C).
The principle of least privilege dictates that a user should be granted the minimum permissions needed to perform their required tasks, and no more. Granting permissions at the pipeline, organization, or project level (Choices A, B, and D) would give User1 overly broad access beyond just being able to delete the final1 stage.
Instead, providing stage-level permissions scopes User1’s access to only the final1 stage itself. This allows them to delete that stage as needed after testing, without having rights to modify other aspects of the pipeline or project that they don’t need access to.
In summary, to adhere to least privilege, grant User1 stage-level permissions so they can delete the temporary final1 stage in Pipeline1 once it has served its purpose for testing, while avoiding granting them unnecessary access to the rest of the pipeline or project.
Microsoft AZ-400 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft AZ-400 exam and earn Microsoft AZ-400 certification.