Azure RBAS and Entra ID Roles Flashcards
What capabilities has a ‘Owner’ role in Azure RBAC?
Grants full access to manage all resources within the scope and also assign roles to users to manage resources within the scope.
Which role allows viewing all resources without making changes?
Reader
What is the responsibility of the ‘Contributor’ role?
Full access to manage all resources except role assignments.
What can the ‘User Access Administrator’ role manage?
Ability to assign roles and set RBAC permissions but can’t make changes to resources.
Which role is specifically used to manage Azure reservations?
Reservations Administrator
What permissions does the ‘Virtual Machine Contributor’ role provide?
Manage VMs, disks, software installation, password resets; excludes network and storage management.
What does the ‘Compute Gallery Artifacts Publisher’ role do?
Publishes gallery artifacts.
Which role allows managing classic networks but not accessing them?
Classic Network Contributor
What actions are allowed by the ‘Storage Blob Data Contributor’ role?
Read, write, and delete blob containers and data.
What is the responsibility of the ‘Backup Contributor’ role?
Manage backup services without creating vaults or assigning access.
Which role can manage Traffic Manager profiles but not control access?
Traffic Manager Contributor
What permissions does the ‘Elastic SAN Owner’ role have?
Full access to Azure Elastic SAN resources and security policies.
What is the role of ‘Desktop Virtualization Workspace Contributor’?
Manage the Desktop Virtualization Workspace.
What actions does ‘Azure Front Door Profile Reader’ role allow?
View profiles and endpoints without making changes.
Which role can create, modify, and delete media accounts in Azure?
Media Services Account Administrator
What permissions does the ‘DNS Zone Contributor’ role allow?
Manage DNS zones and records without controlling access.
What is the responsibility of the ‘SignalR App Server’ role?
Allows app server access to SignalR Service with AAD auth options.
Which role provides permissions to manage storage accounts?
Storage Account Contributor
What does the ‘Classic Storage Account Key Operator Service’ role allow?
List and regenerate keys for Classic Storage Accounts.
What is the responsibility of the ‘Azure Maps Data Contributor’ role?
Read, write, and delete access to map data in Azure Maps account.
Which role can submit and manage own jobs in Data Lake Analytics?
Data Lake Analytics Developer
What permissions does the ‘Network Contributor’ role allow?
Manage networks without access to them; excludes VM deployment.
What is the responsibility of the ‘Role Based Access Control Administrator’ role?
Manage access to resources by assigning roles in Azure RBAC.
Which role grants full access to manage reservations in a tenant?
Reservations Administrator
What permissions does ‘Virtual Machine Data Access Administrator’ provide?
Manage role assignments for VM Admin and User Login roles.
What is the primary role of ‘Azure Spring Cloud Config Server Contributor’?
Manage Azure Spring Cloud Config Server with full permissions.
What is the function of ‘Virtual Machine Administrator Login’?
View VMs and login as administrator.
What is the responsibility of the ‘Storage File Data SMB Share Contributor’?
Read, write, and delete access to files in Azure file shares.
Which role allows for read-only access to backup services?
Backup Reader
What is the function of ‘Desktop Virtualization Power On Off Contributor’?
Start and stop VMs in Azure Virtual Desktop.
What permissions does the ‘Private DNS Zone Contributor’ role provide?
Manage private DNS zones without linked virtual network control.
Which role can manage CDN profiles and endpoints?
CDN Profile Contributor
What is the function of ‘Elastic SAN Network Admin’?
Access to create private endpoints and read SAN resources.
What does the ‘Azure Maps Data Reader’ role allow?
Read access to Azure Maps data.
Which role allows viewing SignalR service access keys?
SignalR AccessKey Reader
What is the ‘Desktop Virtualization Application Group Contributor’ role responsible for?
Manage the Desktop Virtualization Application Group.
What actions are allowed by ‘Storage Queue Data Contributor’?
Read, write, and delete Azure Storage queues and messages.
What permissions does ‘Classic Storage Account Contributor’ provide?
Manage classic storage accounts without access to data.
What is the function of ‘Azure Front Door Domain Contributor’?
Manage Front Door domains without granting access.
Which role grants read access to Azure Front Door secrets?
Azure Front Door Secret Reader
What does the ‘Compute Gallery Sharing Admin’ role allow?
Share gallery to other subscriptions or tenants.
What is the ‘Elastic SAN Volume Group Owner’ role?
Full access to volume group in Elastic SAN including security policies.
What permissions does the ‘Storage Blob Data Owner’ role provide?
Full access to blob containers and data, including POSIX control.
What is the responsibility of the ‘Media Services Streaming Endpoints Administrator’ role?
Manage streaming endpoints in Media Services.
What does the ‘Traffic Manager Contributor’ role allow?
Manage Traffic Manager profiles without access control.
What actions does ‘Virtual Machine Local User Login’ role permit?
Login to VMs as a local user.
Which role provides manage access to media streaming policies?
Media Services Policy Administrator
What is the function of ‘Azure Spring Cloud Service Registry Reader’?
Read access to Azure Spring Cloud Service Registry.
What permissions does ‘Azure Spring Cloud Job Log Reader’ allow?
Read real-time logs for jobs in Azure Spring Apps.
