You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
- A. Remove User1 from the Security Reader and Reader roles for Subscription1.
- B. Assign User1 the User Access Administrator role for VNet1.
- C. Assign User1 the Network Contributor role for VNet1.
- D. Assign User1 the Network Contributor role for RG1.
Correct Answer: B
Has full access to all resources including the right to delegate access to others.
Note:
There are several versions of this question in the exam. The question can have other incorrect answer options, including the following:
1. Name Server (NS)
2. Assign User1 the Contributor role for VNet1.
3. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview