Exam AZ-104 topic 6 question 29 discussion

I think the answers should be: N N N 1. User1 can sign in to VM1 No User1 is assigned as Virtual Machine Contributor in MG1. And Virtual Machine Contributor can't log in to VM as a regular user. 2. User2 can manage disks and disk snapshots of VM1 No Since User2 only has Virtual Machine User in Sub1, so he can log in to VM1 but can't manage disks or snapshots 3. User2 can manage disks and disk snapshots of VM3 No Virtual Machine Contributor only has permission to manage disks, but not disk snapshots (Disk Snapshot Contributor permission)

N - effective rights are virtual machine contributor. This doesn't grant login. N - effective rights are virtual machine login. This doesn't grant disk management. N - effective rights are virtual machine contributor. This does not grant snapshot access.

This question was exam on dated -23 Jan 2025 Yes No No

User1 CAN sign/log in to VM1 Virtual Machine Contributor: Microsoft.Compute/virtualMachines/* Virtual Machine User Login: Microsoft.Compute/virtualMachines/login/action Meaning it can log in to a virtual machine as a regular user because * means everything included

WRONG.. No No No

N N N User1 can sign in VM1 = no (user 1 user login is Sub2, RG2 only VM2 n VM3 ) User2 can manage disks and disk snapshots of VM1 = no (because only Disk Snapshot Contributor can) User2 can manage disks and disk snapshots of VM3 = no (because only Disk Snapshot Contributor can)

The Virtual Machine Contributor role does not include permissions to manage disk snapshots. Instead, the Disk Snapshot Contributor role is specifically designed to manage disk snapshots.

Yes No

This was on my exam, I picked Y N N. The first answer is Y because of the following reasons: Virtual Machine Contributor role permission: Microsoft.Compute/virtualMachines/* Virtual Machine User Login role permission: Microsoft.Compute/virtualMachines/login/action References: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-user-login

VM Contributor DOESN'T allow to login to a VM or to manage Disk Snapshot. Therefor, N N N Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor

Some of you really need to ACTUALLY read the RBAC docs... 1. Y - Virtual Machine Contributor (NOT CLASSIC) has "Microsoft.Compute/virtualMachines/*" 2. N 3. N

User2 can manage disks and disk snapshots of VM3: User2 has been assigned the role of "Virtual Machine Contributor" for MG2 and "Virtual Machine User Login" for VM3 specifically. As a "Virtual Machine Contributor", User2 would have permissions to manage VM resources including disks and snapshots. Since VM3 is in RG2, and assuming RG2 is under MG2, User2 should be able to manage disks and disk snapshots for VM3. Answer: Yes

N,N,Y 1. User1 signing in to VM1: User1 has the "Virtual Machine Contributor" role assigned at the management group level for MG1, which includes Sub1 where VM1 resides. The "Virtual Machine Contributor" role allows managing virtual machines but does not grant permission to log in to them​1​. However, User1 doesn't have the "Virtual Machine User Login" role assigned for Sub1 or VM1, which is necessary to log into VM1.

Microsoft reference page: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor Quoting: "Virtual Machine Contributor" "Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC." "Role id: 9980e02c-c2be-4d73-94e8-173b1dc7cf3c". You need some sort of access in order to be able to install and run software. Conclusion: a VM contributor can login to the VM

N N N , All No!

Please find my finds, If it is not correct, please correct it Yes -> User1 can sign in to VM1 -> Because User1 is Virtual Machine contributor at Management Group, MG1 level NO -> User2 can manage disks and disk snapshots of VM1 -> Because User2, virtual machine contributor is at MG2 level. Yes -> Users2 can manage disks and disk snapshots of VM3 -> Because User is virtual machine contributor at MG2 level.

I think the correct answers are 3 N N N. Here is why: NO - Virtual machine contributor role lets you manage virtual machines, but not access them. User 1 has login to virtual machines on Sub1 not subscription 2. NO - To manage disk snapshots you need: disk snapshot contributor role. User2 doesn't have that role. Ref: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#all https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#disk-snapshot-contributor