Microsoft Azure Architect Design (AZ-304) Practice Test

To allow researchers the ability to create Azure virtual machines using specific Resource Manager templates, what is the recommended role assignment?

• A. Owner role on the Resource Group
• B. Contributor role on the Resource Group
• C. Reader role on the Resource Group
• D. Custom role with limited permissions

The correct answer is: Contributor role on the Resource Group

The Contributor role on the Resource Group is the appropriate role assignment for researchers who need to create Azure virtual machines using specific Resource Manager templates. This role provides users with the necessary permissions to manage resources within the group, including the ability to create, update, and delete resources. By granting the Contributor role, researchers can utilize the pre-defined Resource Manager templates to deploy virtual machines without having full administrative control over the resource group or the ability to change its overall permissions, which would be the case with the Owner role. The Contributor role strikes a balance, allowing users to perform the specific tasks they need—such as creating virtual machines—while preventing them from granting access to other users or modifying the resource group's settings. This is crucial in a research setting where collaboration and resource management need to coexist with security and governance best practices. Other roles, such as the Reader role, do not provide the necessary permissions to create or manage resources, which would limit the researchers' capabilities. A Custom role with limited permissions might not specifically include the permissions required to create virtual machines, depending on how it is defined. Therefore, choosing the Contributor role is both effective and ensures that researchers have the required access to perform their tasks efficiently.