A platform administrator has added a secret scope new$-$secret$-$scope to integrate with upstream REST APIs used by the entire data organization. The administrator now wants to restrict access on that secret scope so that all users in the group all$-$users can read the secrets but cannot write the secret.

Which of the following approaches can be used by the platform administrator to complete this task? Select two responses.

Put a new secret ACL using the Secrets API $2\mathrm{.}0$ with the following JSON: $\{"$scope$"$: "new$-$secret$-$scope", "principal": "all$-$users", "permission": "READ"$\}$Put a new secret ACL using the Secrets API $2\mathrm{.}0$ with the following JSON: $\{"$scope$"$: "new$-$secret$-$scope", "principal": "all$-$users", "permission": "WRITE"$\}$Put a new secret ACL using the Secrets API $2\mathrm{.}0$ with the following JSON: $\{"$scope$"$: "new$-$secret$-$scope", "group": "all$-$users", "permission": "MANAGE"$\}$Put a new secret ACL using the Databricks CLI with the following command: databricks secrets put$-$acl $--$scope new$-$secret$-$scope $--$principal all$-$users $--$permission readPut a new secret ACL using the Databricks CLI with the following command: databricks secrets put$-$acl $--$scope new$-$secret$-$scope $--$group all$-$users $--$permission manage