Role Based Access Control (RBAC)

• RBAC can be applied at
  • Subscription
  • Resource Group
  • Resource
• Three Popular Roles
  • Owner:
    • Anything
  • Contributor
    • Everything apart from giving permissions to others
  • Reader
    • Has only view permissions
• There are many built in roles in Azure Refer Here
• Every Subscription/Resource Group/Resource will have Identity and Access Management, Assign roles at the level which is required
• We have
  • Role Assingnments (Multiple roles to the user if necessary)
  • Deny Role Assignments
  • Roles (Applicable Roles)
• Refer Here
• RBAC Limits

Exercise: 1

• Create a user and give him permission as a Reader at subscription level. Now go to any Resource Group and make him contributor.

Custom RBAC Policy

• Custom Policy is all about writing a json file with following sections
  • Name: Name of your Role
  • IsCustom: true always for Custom Role
  • Description: Any text describing the purpose
  • Action: Actions permitted to the users
  • Not Actions: Actions not Permitted to the users
  • Data Actions: Data Actions permitted to the user
  • Not Data Actions: Data Actions not permitted to the user
• Resource Provider level Actions are documented over here
• Exercise 2: Create a custom policy by referring this document