Microsoft Identity and Access Administrator — Question 55
You have an Azure subscription that contains a resource group named RG1 and four users named User1, User2, User3, and User4.
You plan to assign the users the following roles for RG1:
• User1: Reader
• User2: Contributor
• User3: Storage Blob Data Reader
• User4: Virtual Machine Contributor
You are evaluating the use of attribute-based access control (ABAC).
Which user's role will support the use of ABAC?
Answer options
- A. User1
- B. User2
- C. User3
- D. User4
Correct answer: C
Explanation
The role of User3, Storage Blob Data Reader, is the only one that supports attribute-based access control (ABAC) because it allows for more granular permissions based on attributes. User1's Reader role and User2's Contributor role do not provide the necessary flexibility for ABAC, and User4's Virtual Machine Contributor role is also not compatible with ABAC.