You are configuring Azure Active Directory (Azure AD) authentication for an Azure Storage account named storage1. You need to ensure that the members of a group named Group1 can upload files by using the Azure portal. The solution must use the principle of least privilege. Which two roles should you configure for storage1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Admin Staff asked 8 months ago

A. Storage Account Contributor

B. Storage Blob Data Contributor

C. Reader

D. Contributor

E. Storage Blob Data Reader






 

Suggested Answer: BC

To access blob data in the Azure portal with Azure AD credentials, a user must have the following role assignments:

* A data access role, such as Storage Blob Data Reader or Storage Blob Data Contributor
* The Azure Resource Manager Reader role, at a minimum

The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. It does not provide read permissions to data in Azure Storage, but only to account management resources. The Reader role is necessary so that users can navigate to blob containers in the Azure portal.

Note: in order from least to greatest permissions:

* The Reader and Data Access role
* The Storage Account Contributor role
* The Azure Resource Manager Contributor role
* The Azure Resource Manager Owner role
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access
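
The split between management-plane actions and data actions described above can be checked mechanically. The following Python sketch is an added example, not part of the original answer: the role permission lists are abridged assumptions based on the built-in role definitions (NotActions omitted), portal navigation is modelled as the management-plane read on the storage account, and the list of sensitive operations is constructed for illustration.

```python
from fnmatch import fnmatchcase
from itertools import combinations

S = "Microsoft.Storage/storageAccounts"
B = S + "/blobServices/containers"

# Abridged (Actions, DataActions) per answer option. Assumption: simplified from
# the built-in definitions; compare with `az role definition list --name "<role>"`.
ROLES = {
    "Storage Account Contributor": ([S + "/*"], []),
    "Storage Blob Data Contributor": (
        [B + "/read", B + "/write", B + "/delete"],
        [B + "/blobs/read", B + "/blobs/write", B + "/blobs/delete"]),
    "Reader": (["*/read"], []),
    "Contributor": (["*"], []),
    "Storage Blob Data Reader": ([B + "/read"], [B + "/blobs/read"]),
}

NAVIGATE = S + "/read"        # assumption: what the portal needs to show storage1
UPLOAD = B + "/blobs/write"   # data-plane operation behind a blob upload
# Constructed probe list: management operations Group1 should NOT receive.
SENSITIVE_CONTROL_OPS = [S + "/write", S + "/delete", S + "/listKeys/action",
                         "Microsoft.Compute/virtualMachines/write"]

def allows(patterns, operation):
    """Case-insensitive wildcard match, as used for RBAC operation strings."""
    return any(fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def effective(role_names):
    """Union of Actions and of DataActions across the assigned roles."""
    actions = [p for r in role_names for p in ROLES[r][0]]
    data = [p for r in role_names for p in ROLES[r][1]]
    return actions, data

def meets_requirement(role_names):
    """True if the roles allow both portal navigation and blob upload."""
    actions, data = effective(role_names)
    return allows(actions, NAVIGATE) and allows(data, UPLOAD)

def excess(role_names):
    """Number of sensitive management operations the roles also grant."""
    actions, _ = effective(role_names)
    return sum(allows(actions, op) for op in SENSITIVE_CONTROL_OPS)

def least_privileged_pair():
    """Among all two-role combinations that work, pick the least excessive."""
    working = [pair for pair in combinations(ROLES, 2) if meets_requirement(pair)]
    return min(working, key=excess)

if __name__ == "__main__":
    print(least_privileged_pair())
```
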

This question is in the AZ-104 exam, for getting the Azure Administrator Associate certificate.
