Let's give roles to the newly created users
- Assign the Contributor role to Ironman

- Now verify the access Ironman received; you should be able to create resources and view them.
- A role can be assigned at one of these scopes:
  - Subscription
  - Resource Group
  - Resource
- Roles assigned at the subscription are inherited by the lower scopes (Resource Group & Resource).
- Roles assigned at a Resource Group are inherited at the Resource level.

- Inherited roles can be overwritten at the lower scopes.
- To view all the roles, search for Azure AD roles.

- Quick Exercise: Assign Reader permission to Thor at the subscription level and give Owner permission to Thor on any resource group.
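The scope inheritance described above can be checked offline when reviewing who holds what. The following is an added example, not part of the original notes: it lists the roles in effect for a principal at a given scope (those assigned there plus those inherited from above). The subscription ID, the resource group names and the assignment records are constructed placeholders.

```python
from collections import namedtuple

Assignment = namedtuple("Assignment", "principal role scope")

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder ID

# Constructed sample data: Contributor for Ironman, plus the exercise for Thor
# (Reader at the subscription, Owner on one resource group).
ASSIGNMENTS = [
    Assignment("ironman", "Contributor", SUB),
    Assignment("thor", "Reader", SUB),
    Assignment("thor", "Owner", SUB + "/resourceGroups/rg-asgard"),
]


def _segments(scope):
    # Azure resource IDs are case-insensitive; compare lowercased path segments.
    return [s for s in scope.lower().split("/") if s]


def covers(assignment_scope, target_scope):
    """True if assignment_scope is the target itself or one of its ancestors."""
    a, t = _segments(assignment_scope), _segments(target_scope)
    # Segment-wise prefix match, so "rg-asgard" never covers "rg-asgard2".
    return len(a) <= len(t) and t[:len(a)] == a


def effective_roles(principal, target_scope, assignments=ASSIGNMENTS):
    """Map each role in effect at target_scope to the scope it was assigned at."""
    result = {}
    for a in assignments:
        if a.principal.lower() == principal.lower() and covers(a.scope, target_scope):
            result[a.role] = a.scope
    return result


def report(principal, target_scope):
    """One line per role: name, direct or inherited, and the assigning scope."""
    lines = []
    for role, scope in sorted(effective_roles(principal, target_scope).items()):
        origin = "direct" if _segments(scope) == _segments(target_scope) else "inherited"
        lines.append(f"{role:<12} {origin:<10} from {scope}")
    return lines


if __name__ == "__main__":
    vm = SUB + "/resourceGroups/rg-asgard/providers/Microsoft.Compute/virtualMachines/vm1"
    for target in (SUB, vm, SUB + "/resourceGroups/rg-asgard2"):
        print(target)
        for line in report("thor", target):
            print("   ", line)
```

A resource group whose name merely starts with the same characters (`rg-asgard2`) does not pick up the Owner assignment, which is the mistake a plain string-prefix check would make.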
Azure RBAC (Role Based Access Control)
- Azure RBAC is an authorization system that provides fine-grained access management of Azure resources.
- What can I do with RBAC?
  - Allow one user to manage virtual machines and another to manage virtual networks.
  - Create a DBA group to manage SQL databases.
  - Allow an application to access all resources in a resource group.
- Security principal:
  - A security principal is an object that represents a user, group, service principal or managed identity that is requesting access to Azure resources.
  - Service principal: a security identity used by applications or services to access Azure resources. You can think of it as a user ID for an application.
Role definition
- A role definition is a collection of permissions (simply put, it's a role).
- How to create a role definition to suit my organizational needs.
Next steps:
- Understand built-in roles and how to create custom roles
- Azure Policy
- Azure AD Connect scenarios.
