Accessing Data in Your Establishment Storage Account: Authorization and Permissions

Ensuring Client Permissions for Data Access

Question

To access data in your establishment storage account, your client makes requests over HTTPS or HTTP.

Every request to a secure resource must be authorized.

Which of the following services would you use to ensure that the client has the required permission to access the data? (Choose the most suitable option)

Explanations


Correct Answer: D

The most suitable option is role-based access.

Azure Storage supports role-based access control (RBAC) and Azure Active Directory for both resource management and data operations.

RBAC roles scoped to the storage account can be assigned to security principals.

Active Directory (AD) should be used to authorize resource management operations like configuration.

AD is supported for data operations on Queue and Blob storage.

You can assign role-based access control (RBAC) roles that are scoped to a resource group, a subscription, a storage account, or an individual queue or container to a security principal or a managed identity for Azure resources.

Option A is incorrect.

Private Link is not the right choice.

Option B is incorrect.

As is clear from the explanation, Azure AD is not the best choice.

Option C is incorrect.

RBAC should be used in the given scenario.

Option D is correct. You can assign role-based access control (RBAC) roles that are scoped to a resource group, a subscription, a storage account, or an individual queue or container to a security principal or a managed identity for Azure resources.

Option E is incorrect.

Encryption is not the correct option as it is used for the protection of sensitive data/information.

To ensure that clients have the required permission to access data in a storage account, you would use Role-Based Access Control (RBAC) in Azure.

RBAC allows you to define specific roles that have access to specific resources, such as storage accounts, and to assign users or groups to those roles. This way, you can control who has access to your data and what actions they can perform on it.

To implement RBAC for your storage account, you would first create a role assignment. This involves specifying a role, such as Reader or Contributor, and assigning it to a user or group. You can also create custom roles with specific permissions if the built-in roles don't meet your needs.

Once you've created the role assignment, the user or group can access the storage account using their Azure AD credentials. When they make requests over HTTPS or HTTP, the RBAC system checks their permissions against the defined roles and allows or denies the request accordingly.
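The allow-or-deny check described above, as a simplified Python model (an added example, not part of the original explanation and not Azure's implementation). The principals, subscription ID, and resource names are constructed placeholders; the role names and data actions are a subset of the real built-in roles, and deny assignments and conditions are left out. It shows that an assignment applies to its scope and everything beneath it, and that the management-plane Reader role carries no blob data actions.

```python
# Simplified model of Azure RBAC data-plane authorization for Blob storage.
BLOB = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/"

# Subset of the dataActions of real built-in roles.
ROLE_DATA_ACTIONS = {
    "Reader": (),  # management plane only ("*/read" actions, no dataActions)
    "Storage Blob Data Reader": (BLOB + "read",),
    "Storage Blob Data Contributor": (BLOB + "read", BLOB + "write", BLOB + "delete"),
}

# Constructed scopes: every ID and name below is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-example"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/examplestore"
LOGS = ACCOUNT + "/blobServices/default/containers/logs"
REPORTS = ACCOUNT + "/blobServices/default/containers/reports"

# Constructed role assignments: (principal, role, scope).
ASSIGNMENTS = [
    ("app-identity", "Storage Blob Data Reader", LOGS),      # one container
    ("ops-user", "Reader", ACCOUNT),                         # whole account
    ("etl-identity", "Storage Blob Data Contributor", RG),   # resource group
]


def scope_covers(assigned, resource):
    """An assignment applies to its own scope and to every scope beneath it."""
    a = assigned.rstrip("/").lower()
    r = resource.rstrip("/").lower()
    # Match on a path-segment boundary so 'examplestore' never covers 'examplestore2'.
    return r == a or r.startswith(a + "/")


def granting_assignment(principal, data_action, resource, assignments=ASSIGNMENTS):
    """Return the first assignment that authorizes the request, or None."""
    for who, role, scope in assignments:
        if who != principal or not scope_covers(scope, resource):
            continue
        if data_action in ROLE_DATA_ACTIONS.get(role, ()):
            return (who, role, scope)
    return None


def is_authorized(principal, data_action, resource, assignments=ASSIGNMENTS):
    """Deny by default: allow only when some assignment grants the data action."""
    return granting_assignment(principal, data_action, resource, assignments) is not None
```

`granting_assignment` returns the assignment that allowed a request, which is the detail to look at when reviewing why a principal has access and whether the scope is broader than it needs to be.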

Private Link is not the best choice for this scenario as it is a way to access Azure resources privately over a private endpoint in a virtual network. It is not related to authorization and access control.

Azure AD can be used for authentication, but it is not directly related to authorization and access control.

Key Vault is a service that helps safeguard cryptographic keys and secrets used by cloud applications and services. It is not directly related to authorization and access control for storage accounts.

Encryption is a method of protecting data at rest or in transit by converting it into an unreadable format that can only be accessed with the correct decryption key. It is not directly related to authorization and access control for storage accounts.