nerdexam
Microsoft

AZ-400 · Question #453

Drag and Drop Question You have a GitHub organization that contains three users named User1, User2, and User3. You have a project that contains a repository named repo1. You need to configure permissi

The correct answer is Write; Triage; Maintain. User1 needs 'Write' access to actively push code to repo1, as Write is the minimum role that allows pushing commits. User2 needs 'Triage' access, which grants the ability to manage issues and pull requests (label, close, reopen, assign) without write access to the code itself. Us

Submitted by anna_se· Mar 6, 2026Configure and manage source control - specifically assigning and managing GitHub repository roles and permissions within a GitHub organization to enforce least-privilege access.

Question

Drag and Drop Question You have a GitHub organization that contains three users named User1, User2, and User3. You have a project that contains a repository named repo1. You need to configure permissions for repo1. The solution must meet the following requirements: - Ensure that User1 can actively push to repo1. - Ensure that User2 can manage issues and pull requests for repo1. - Ensure that User3 can manage repo1. - Prevent User3 from accessing sensitive data in repo1. Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer:

Exhibit

AZ-400 question #453 exhibit

Answer Area

Drag items

AdminMaintainReadTriageWrite

Correct arrangement

  • Write
  • Triage
  • Maintain

Explanation

User1 needs 'Write' access to actively push code to repo1, as Write is the minimum role that allows pushing commits. User2 needs 'Triage' access, which grants the ability to manage issues and pull requests (label, close, reopen, assign) without write access to the code itself. User3 needs 'Maintain' access rather than 'Admin' because Maintain allows managing the repository (settings, branches, webhooks, etc.) while explicitly preventing access to sensitive data such as repository secrets and security alerts - Admin would expose those sensitive settings, violating the requirement.

Topics

#GitHub Repository Permissions#Role-Based Access Control#GitHub Organizations#Repository Management

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice