Hi @Kieran Wood,
Thank you for reaching out to the Microsoft Q&A platform.
The Azure Kubernetes Service Cluster Admin role provides permissions to list cluster admin credential actions only. It does not provide permissions to modify AKS roles within an AKS cluster.
To ensure that a user has permissions to view and modify AKS roles within an AKS cluster, you should assign the "Azure Kubernetes Service RBAC Writer Role". This role allows the user to create, read, update, and delete role assignments and role definitions within an AKS cluster. This role is appropriate for users who need to manage role-based access control (RBAC) for an AKS cluster, but do not need full administrative access.
Therefore, the correct answer to the question "You are designing a solution that uses Azure Kubernetes Service (AKS). You need to ensure that a user has permission to view and modify AKS roles within an AKS cluster. The solution must follow the principle of least privilege. Which built-in role should you assign to the user?" is "Azure Kubernetes Service RBAC Writer Role".
Ref: https://learn.microsoft.com/en-us/azure/aks/concepts-identity#built-in-roles
If I have answered your query, please click "Accept as answer" as a token of appreciation.