DP-203 Certification Practice Question #233

Question

You have an Azure Data Lake Storage Gen2 account named account1 that contains the resources shown in the following table.

You need to configure access control lists (ACLs) to allow a user named User1 to delete File1. User1 is NOT assigned any role-based access control (RBAC) roles for account1. The solution must use the principle of least privilege.

Which type of ACL should you configure for each resource? To answer select the appropriate options in the answer area.

Accepted Answer

This question is another variant of the same RBAC pattern: grant read-only blob access only where needed. Microsoft Learn and the dump both point to `Storage Blob Data Reader` scoped to the container rather than the whole account. That keeps permissions tight and satisfies the scenario.

More DP-203 practice questions