You are reviewing role assignments in your company's Azure Active Directory (Azure AD) tenant.
You have role assignments in a resource group named rg1. The role assignments are shown in the exhibit.
You need to determine which users can create a virtual network in rg1.
Which users can create a virtual network in rg1?
The users that can create a virtual network in rg1 are admin and userA only. The admin user is associated with the Owner built-in role and can create any resource in this subscription, including a virtual network. UserA can also create a virtual network because it is associated with the Network Contributor role, but only in this resource group.
UserB cannot create a virtual network in rg1. The Security Assessment Contributor role allows userB to push assessments to Security Center.