You are the architect of the ACME banking group. You have been tasked to manage role-based access control (RBAC) within the ACME.com Azure tenant. Within the ACME.com tenant, there are two subscriptions: one for production labeled “Prod_US” and one non-prod labeled “Sandbox”. ACME has the following requirements:
Requirement 1: You need to assign RBAC access to a third party so that they have to view the resources within the production subscription only.
Requirement 2: You need to assign RBAC access internally to the Azure team so that they are only allowed to manage backups but not remove any backups.
Requirement 3: You need to assign RBAC access to the Dev manager so that he can manage user access to resources.
Requirement 4: You need to assign RBAC access to the lead Azure engineer to ensure he has the correct permissions to test failover operations quarterly.
What RBAC role should you assign for requirement 1?
Reader role on the Prod_US subscription is correct as the requirement is to only view all resources within the production subscription. User Access Administrator is incorrect because this will role allows you to manage user access to Azure resources.