Exam-Answer

Home / Microsoft / AZ-300 / Question 70

Prev Question
Next Question

Question 70

You must create a custom role that allows these operations:

* Read data from a blob but not write data to the blob

* Display a list of containers

To define the role, you must assign permissions to these operations.

What permissions should you use?

PLACEHOLDER 1: Read data from a blob

PLACEHOLDER 2: Exclude write data to a blob

PLACEHOLDER 3: Display a list of containers

Select correct placeholder values.

Answers


Advertisement

Explanation (click to expand)

You should use the DataActions permission element to allow reading data from a blob because this is a data-related operation. The DataActions permission specifies the data operations that the role allows to be performed to the data within that object.

You should use the NotDataActions permission element to exclude writing data to the blob. The NotDataActions permission specifies the data operations that are excluded from the allowed DataActions. The access granted by the role is computed by subtracting the NotDataActions operations from the DataActions operations. The NotActions permission element is used for management operations. The NotActions permission specifies the management operations that are excluded from the allowed Actions. You should use the NotActions permission if the set of operations that you want to allow is more easily defined by excluding restricted operations. The access granted by a role is computed by subtracting the NotActions operations from the Actions operations.

You should use the Actions permission element to allow displaying a list of containers because this operation is related to management instead of data. The Actions permission specifies the management operations that the role allows to be performed. It is a collection of operation strings that identify securable operations of Azure resource providers.

References (click to expand)

Prev Question
Next Question

Load more