You have an Azure subscription that contains several resource groups. Including a resource group named RG1. RG1 contains several business-critical resources.
A user named admin1 is assigned the Owner role to the subscription.
You need to prevent admin1 from modifying the resources in RG1. The solution must ensure that admin1 can manage the resources in the other resource groups.
What should you use?

A. a management group

B. an Azure policy

C. a custom role

D. an Azure blueprint








 

Suggested Answer: C

Role-based access control (RBAC) focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group.
Incorrect Answers:
A: If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions.
B: There are a few key differences between Azure Policy and role-based access control (RBAC). Azure Policy focuses on resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default allow and explicit deny system.
D: Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

This question is in AZ-301 Microsoft Azure Architect Design Exam
For getting Microsoft Certified: Azure Solutions Architect Expert Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.