Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You manage an Azure subscription that contains multiple resource groups. Internal auditors require that a new security team be able to view existing Azure role assignments and change who has access to any resource, but the team must not be allowed to create, modify, or delete the resources themselves. Which built-in Azure role should you assign to the security team at the subscription scope to meet the requirement?
The User Access Administrator role includes the Microsoft.Authorization/* actions that let a principal read existing role assignments and create, update, or delete role assignments and custom role definitions. Because this role does not grant permissions to create, update, or delete Azure resources, it satisfies the need to manage access without permitting resource modifications. The Owner role would also allow access management but additionally grants full control over all resources, which exceeds the requirement. Contributor allows resource management but cannot grant or revoke access. Reader is limited to read-only actions and cannot change role assignments. Therefore, assigning the User Access Administrator role at the subscription scope is the correct choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the User Access Administrator role in Azure?
Open an interactive chat with Bash
How does the User Access Administrator role differ from the Owner and Contributor roles?
Open an interactive chat with Bash
At what scope can the User Access Administrator role be assigned in Azure?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .