Microsoft Azure Administrator — Question 130
You are configuring Azure Active Directory (Azure AD) authentication for an Azure Storage account named storage1.
You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege.
Which two roles should you configure for storage1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. Storage Account Contributor
- B. Storage Blob Data Contributor
- C. Reader
- D. Contributor
- E. Storage Blob Data Reader
Correct answer: B, C
Explanation
The correct roles are Storage Blob Data Contributor and Reader. The Storage Blob Data Contributor role permits users to upload files, while the Reader role allows them to view the storage account without providing unnecessary permissions. The other options either grant excessive permissions or do not allow file uploads.