Microsoft Azure Security Technologies — Question 48
You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments.
You need to resolve the issue by ensuring that the PIM service principal has the correct permissions for the subscription. The solution must use the principle of least privilege.
Which role should you assign to the PIM service principal?
Answer options
- A. Contributor
- B. User Access Administrator
- C. Managed Application Operator
- D. Resource Policy Contributor
Correct answer: B
Explanation
The correct answer is B, User Access Administrator, as this role allows the PIM service principal to manage role assignments effectively. Other options such as Contributor and Resource Policy Contributor provide broader permissions than necessary, while Managed Application Operator is irrelevant to role assignments in this context.