Microsoft Azure Administrator Associate AZ-104
Get started today
Ultimate access to all questions.
In an Azure subscription with a user 'User1' assigned roles including Storage Blob Data Reader, Storage Table Data Contributor, and Storage File Data SMB Share Contributor on a storage account 'storage1', which resources can 'User1' write to using a shared access signature 'SAS1' and the storage account key 'key1'?
In an Azure subscription with a user 'User1' assigned roles including Storage Blob Data Reader, Storage Table Data Contributor, and Storage File Data SMB Share Contributor on a storage account 'storage1', which resources can 'User1' write to using a shared access signature 'SAS1' and the storage account key 'key1'?
Explanation:
User1 can write to all resources in the storage account using 'key1' because storage account access keys provide full access to the configuration of a storage account, as well as the data. The roles assigned to User1 (Storage Blob Data Reader, Storage Table Data Contributor, and Storage File Data SMB Share Contributor) do not restrict access when using the account key. However, when using the SAS1, which has specific limited permissions, User1 can write only to 'Table1'. Therefore, the correct answer is that using 'key1', User1 can write to all resources in the storage account.