Answer-first summary for fast verification
Answer: Synapse User
## Analysis of Role Requirements To determine the appropriate role for User1 to review Azure Synapse Analytics database templates from the gallery while following the principle of least privilege, we need to examine the capabilities of each available role: ### Role Capabilities Breakdown: **A. Storage Blob Data Contributor** - **Purpose**: Manages blob storage operations (read, write, delete) - **Relevance to Synapse Templates**: This role provides no access to Synapse Analytics workspace resources or database templates - **Suitability**: ❌ Not suitable - completely unrelated to Synapse template viewing **B. Synapse Administrator** - **Purpose**: Full administrative control over the Synapse workspace - **Permissions**: Can create, modify, delete all workspace resources including databases, pipelines, and notebooks - **Suitability**: ❌ Not suitable - provides excessive permissions beyond template viewing, violating least privilege **C. Synapse Contributor** - **Purpose**: Broad resource management capabilities within the workspace - **Permissions**: Can create and manage databases, artifacts, and workspace resources - **Suitability**: ❌ Not suitable - while it can view templates, it provides unnecessary create/manage permissions **D. Synapse User** - **Purpose**: Designed for users who need to interact with workspace resources without administrative capabilities - **Permissions**: Specifically includes the ability to view database templates, explore resources, and perform user-level actions - **Suitability**: ✅ **Optimal choice** - provides exactly the required permission (template viewing) without additional administrative capabilities ### Principle of Least Privilege Application: The principle of least privilege requires granting only the minimum permissions necessary to perform the required task. For simply reviewing database templates: - **Synapse User** provides the specific capability to view templates - It does not grant database creation, modification, or deletion permissions - It prevents accidental or intentional changes to workspace resources - It maintains security while enabling the required functionality ### Conclusion: **Synapse User (Option D)** is the correct choice because it specifically enables template viewing capabilities while adhering to the principle of least privilege by not granting unnecessary administrative or modification permissions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have an Azure subscription containing an Azure Synapse Analytics workspace and a user named User1.
You need to grant User1 the ability to view the Azure Synapse Analytics database templates from the gallery. The solution must adhere to the principle of least privilege.
Which role should you assign to User1?
A
Storage Blob Data Contributor.
B
Synapse Administrator
C
Synapse Contributor
D
Synapse User
No comments yet.