Manage Azure Virtual Desktop Workspace: Required Role for Access

Workspace Contributor Role

Prev Question Next Question

Question

You have been assigned the Workspace Contributor role for managing an Azure Virtual Desktop workspace but you don't have access to information about various applications in the workspace.

Which of the following role is required to get access? (Choose the best suitable option)

Answers

A. Application Group Reader

B. Host Pool Reader

C. Desktop Virtualization Reader

D. Desktop Virtualization contributor

E. Application Group Contributor.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

Correct Answer: A

It is the Application Group Reader role that is needed to access information about the various applications in the workspace.

The Application Group Contributor would provide the user access beyond the requirements.

Here are the permissions, Application group Reader role can access:

Microsoft.DesktopVirtualization/applicationgroups/*/read
Microsoft.DesktopVirtualization/applicationgroups/read
Microsoft.DesktopVirtualization/hostpools/read
Microsoft.DesktopVirtualization/hostpools/sessionhosts/read
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/deployments/read

Microsoft Authorization/*/read
Microsoft.Insights/alertRules/*

Microsoft.Support/*

Option A is correct.

Application Group Reader role will allow the user to get access to information about the various applications in the workspace.

Option B is incorrect.The Host Pool Reader role allows you to see everything in the host pool.

Option C is incorrect.

Desktop Virtualization Reader allows you to see everything in the deployment which is not our requirement.

Option D is incorrect.

The Desktop Virtualization Contributor role allows you to manage all aspects of the deployment.

Option E is incorrect.

The Application Group Contributor would provide the user access beyond the requirements.

The Workspace Contributor role provides the ability to manage the Azure Virtual Desktop workspace, such as creating and managing host pools, managing session hosts, and assigning users to desktops. However, this role does not provide access to information about the applications in the workspace.

To access information about the applications in the workspace, you need the Application Group Reader role. This role provides read-only access to the application groups in the workspace, allowing you to view the applications and application assignments.

The Host Pool Reader role provides read-only access to the host pools in the workspace, allowing you to view the properties of the host pool and session hosts.

The Desktop Virtualization Reader role provides read-only access to the desktop virtualization resources in the workspace, including host pools, session hosts, and virtual desktops.

The Desktop Virtualization Contributor role provides the ability to create and manage desktop virtualization resources in the workspace, including host pools, session hosts, and virtual desktops.

The Application Group Contributor role provides the ability to create and manage application groups in the workspace, including adding and removing applications and managing application assignments.

Therefore, the best suitable option to get access to information about various applications in the workspace would be the Application Group Reader role.

Prev Question Next Question