Storage Blob Data Contributor Role at Container Level: Permissions and Access | Exam DP-203 Microsoft Azure

Storage Blob Data Contributor Role

Question

You have been assigned the Storage Blob Data Contributor role at a container level.

Here are two statements regarding this:

a. You have been granted write, read, and delete access to all blobs in that container.
b. You can view a blob within the Azure portal.

Which of the statements given above are true?

Answers

Explanations


A. B. C. D.

Correct Answer: A

If the Storage Blob Data Contributor role is assigned to a user at the level of a container titled sample-container, the user is granted write, read, and delete permission to the blobs present in that specific container.

However, the Storage Blob Data Contributor role by itself does not provide enough permission to navigate to the blob through the Azure portal in order to view it.

Extra permission is needed to navigate through the Azure portal and see the additional resources that are available or visible there.

Option A is correct.

The Storage Blob Data Contributor role at the container level grants write, read, and delete permission for all the blobs in that container.

Option B is incorrect.

With only the Storage Blob Data Contributor role, you can't navigate to the blobs via the Azure portal.

Therefore, statement a is correct while statement b is incorrect.

Option C is incorrect.

Statement b is incorrect.

Option D is incorrect.

Statement a is correct while statement b is incorrect.

To know more about assigning Azure roles for data access, please visit the below-given link:

The correct answer is C - Both a and b are true.

As a Storage Blob Data Contributor at the container level, you have been granted the following permissions:

  • Read access to all blobs in the container: This allows you to view the contents of any blob within the container.
  • Write access to all blobs in the container: This allows you to add new blobs to the container, modify the contents of existing blobs, and update blob metadata.
  • Delete access to all blobs in the container: This allows you to remove blobs from the container.

Therefore, statement a is true - you have been granted write, read, and delete access to all blobs in the container.

As a Storage Blob Data Contributor, you can view a blob within the Azure portal. This is because the Storage Blob Data Contributor role has the "Microsoft.Storage/storageAccounts/blobServices/blobs/read" permission, which allows you to read the contents of blobs within the container.

Therefore, statement b is also true - you can view a blob within the Azure portal.

In summary, both statements are true. As a Storage Blob Data Contributor at the container level, you have been granted full access to all blobs within the container, including the ability to view, modify, and delete them, as well as the ability to view blobs within the Azure portal.