You are the architect of the ACME banking group. You have been tasked to manage role-based access control (RBAC) within the ACME.com Azure tenant. Within the ACME.com tenant, there are two subscriptions: one for production labeled “Prod_US” and one non-prod labeled “Sandbox”. ACME has the following requirements:
Requirement 1: You need to assign RBAC access to a third party so that they have to view the resources within the production subscription only.
Requirement 2: You need to assign RBAC access internally to the Azure team so that they are only allowed to manage backups but not remove any backups on both subscriptions.
Requirement 3: You need to assign RBAC access to the Dev manager so that he can manage user access to resources within the non-prod environment.
Requirement 4: You need to assign RBAC access to the lead Azure engineer to ensure he has the correct permissions to test failover operations quarterly.
What RBAC role should you assign for requirement 3?
User Access Administrator role on the Sandbox subscription is correct as this is the least privileged role to delegate access. Contributor role does not allow you to manage user access to Azure resources.