Exam DP-420 topic 1 question 1 discussion

I think it will be "Role-based access control" as Resouce Token doesn't cooperate with AD, regarding second part - ARM is correct

RBAC is the answer.

RBAC and AzureRM API

Correct selections are: Role-Based Access Control (RBAC) SQL (Core) API RBAC allows you to manage access to Azure resources, ensuring that DevUser1 has the necessary permissions to create containers in the Azure Cosmos DB Core (SQL) API account. Once permissions are granted, DevUser1 can use the SQL (Core) API to create containers.

first is RBAC: Azure Cosmos DB RBAC is the ideal access control method in situations where: - You want to use Microsoft Entra identities to authenticate your requests.

RBAC/ARM https://learn.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs#disable-key-based-metadata-write-access ・After you set this property, changes to any resource can happen from a user with the proper Azure role and credentials. ・After the disableKeyBasedMetadataWriteAccess is turned on, if the SDK based clients run create or update operations, an error "Operation 'POST' on resource 'ContainerNameorDatabaseName' is not allowed through Azure Cosmos DB endpoint is returned. You have to turn on access to such operations for your account, or perform the create/update operations through Azure Resource Manager, Azure CLI or Azure PowerShell.

RBAC SQL API

For me is Azure Resource Manager API. When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked. Alternatively, you can use Azure portal, Azure CLI, Azure PowerShell, or Azure Resource Manager template deployments to perform these operations.

Correct Answer Should be. Grant permission to create containers by using: Role-based access control (RBAC) Create containers by using: SQL (Core) API

More likely to be SQL (Core) API. Permission for Cosmos is required whereas Azure Resource Manager would need portal permissions.