You are configuring role-based access for an Azure Container Registry instance. The role should allow one to pull and push images onto the Azure container registry. Which of the following can be used , ensuring the principle of least privilege is maintained?