AZ-104 – Question 49

0
1106
HOTSPOT –
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements:
✑ Can be assigned only to the resource groups in Subscription1
✑ Prevents the management of the access permissions for the resource groups
✑ Allows the viewing, creating, modifying, and deleting of resources within the resource groups
What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 
Box 1: "/Subscription/c276fc76-9cd4-44c9-99a7-4fd71546436e"
Box 2: "Microsoft.Authorization/*

Reference: 
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles 
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftresources