You have a subscription with multiple resource groups. You need to apply the same RBAC role to users across all resource groups. What is the most efficient approach?

  1. Assign role at the subscription level ✓
  2. Create a management group and assign role there
  3. Use Azure Policy to assign roles
  4. Assign role to each resource group individually

Correct answer: Assign role at the subscription level

Option A is correct because assigning an RBAC role at the subscription level causes the role assignment to inherit down to all resource groups and resources within that subscription, which is the most efficient single action when uniform access across all resource groups is needed. Option B is incorrect because management groups are used to manage multiple subscriptions, not to efficiently apply roles within a single subscription's resource groups; using a management group here adds unnecessary complexity. Option C is incorrect because Azure Policy is used to enforce compliance rules and governance configurations, not to assign RBAC roles to users. Option D is incorrect because assigning the role individually to each resource group is the least efficient approach and is error-prone, requiring repeated manual action for every resource group.

Topic: · rbac, azure subscription, role assignment, iam

Practice Microsoft Azure Administrator (AZ-104) Questions Free