Role Assignment Inheritance — Microsoft Azure Solutions Architect (AZ-305) Practice Questions
Role assignment inheritance is the mechanism by which RBAC permissions granted at a higher scope, such as a management group or subscription, automatically apply to all child scopes including resource groups and individual resources. The AZ-305 exam tests understanding of this inheritance model so architects can predict effective permissions and avoid unintended over-permissioning when designing access strategies. Denying access at a lower scope is not possible with RBAC alone, making careful placement of role assignments at the correct scope a critical design consideration. Architects should also know how Azure AD Privileged Identity Management can provide just-in-time elevation to complement the static inheritance model.