Exam AZ-400 topic 4 question 73 discussion

Group1: Org-level Admin Group2: Project-level Admin Group3: User The organization-level Administrator can do the following administrative tasks: - Manage organization-level users - Edit all the fields of a service connection - Share and unshare a service connection with other projects https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#organization-level-permissions The project-level Administrator can do the following tasks: - Manage other users and roles at the project-level - Rename a service connection and update the description - Delete a service connection, which removes it from the project https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#project-level-permissions A User can: - Use the service connection when authoring build or release pipelines or authorize yaml pipelines https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#user-permissions

Apologies for the confusion. You're correct. Here's the corrected assignment: Group1: Organization-level Administrator - The Organization-level Administrator role allows members to share and unshare a service connection with other projects. Group2: Creator - The Creator role allows members to rename a service connection and update the description. Group3: User - The User role allows members to use the service connection within build or release pipelines. This setup follows the principle of least privilege, as each group is only granted the permissions necessary for their specific tasks.

Group1: Project Administrator Reason: Members need to share and unshare service connections with other projects, which requires administrative privileges at the project level. Group2: Contributor Reason: Members need to rename a service connection and update its description. Contributors have the necessary permissions to manage service connections without full administrative rights. Group3: User Reason: Members need to use the service connection within build or release pipelines. Users have the necessary permissions to access and use service connections in pipelines.

Project-level Administrator Contributor User

project-level Administrator Contributor User

1.Contributor The Contributor role allows members to manage resources, including sharing and unsharing service connections across projects. This role has sufficient privileges for managing service connections but not for more administrative tasks. 2. Project-level Administrator Project-level Administrators can manage various project settings, including renaming and updating descriptions of service connections. This role provides the necessary administrative capabilities specific to the project without granting broader administrative privileges. 3. User Users can utilize the service connections within build or release pipelines. This role ensures they can access the resources needed for their tasks without having permissions to alter the configurations of the service connections.

Contributor Creator User With the "Contributor" permission you can share and unshare service connections with other projects. Keep in mind the principle of least privilege. https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page#groups