Azure Classroom Series – 30/Jul/2020

Let's Give Roles to Newly Created Users

  • Give Ironman the Contributor role.
  • Now verify the access Ironman received: signed in as Ironman, you should be able to create resources & view them.
  • The scope of a role assignment can be:
    1. Subscription
    2. Resource Group
    3. Resource
  • Roles assigned at the subscription level are inherited by the lower scopes (Resource Group & Resource).
  • Roles assigned at the Resource Group level are inherited at the Resource level.
  • Inherited roles can be overwritten at the lower scopes.
  • To view all the roles, search for azure ad roles.
  • Quick Exercise: Assign Reader permission to thor at the subscription level and give owner permission to thor at any resource group.
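
The scope inheritance described above, worked through for the quick exercise as an added example (not part of the original class notes). It is a local model that makes no Azure calls; the subscription ID, resource group names and VM name are constructed sample values. In Azure RBAC the Owner role assigned at the resource group applies in addition to the Reader role inherited from the subscription.

```python
# Added illustration: a local model of Azure RBAC scope inheritance (no Azure calls).
# The subscription ID, resource group and VM names are constructed sample values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_APP = SUB + "/resourceGroups/rg-app"
RG_APP2 = SUB + "/resourceGroups/rg-app2"
VM = RG_APP + "/providers/Microsoft.Compute/virtualMachines/vm1"

# (principal, role, scope) assignments taken from the notes and the quick exercise.
ASSIGNMENTS = [
    ("ironman", "Contributor", SUB),
    ("thor", "Reader", SUB),
    ("thor", "Owner", RG_APP),
]

def scope_level(scope):
    """Classify a scope ID as subscription, resource group or resource."""
    parts = scope.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError(f"not a subscription-rooted scope: {scope!r}")
    if len(parts) == 2:
        return "subscription"
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        return "resource group" if len(parts) == 4 else "resource"
    raise ValueError(f"unsupported scope shape: {scope!r}")

def applies_to(assigned_scope, target_scope):
    """True when target is the assigned scope itself or lies below it.

    Matching on whole path segments keeps rg-app from covering rg-app2.
    """
    assigned = assigned_scope.rstrip("/").lower()
    target = target_scope.rstrip("/").lower()
    return target == assigned or target.startswith(assigned + "/")

def effective_roles(principal, target_scope, assignments=ASSIGNMENTS):
    """Return sorted (role, level it was assigned at) pairs in effect at target."""
    return sorted(
        (role, scope_level(scope))
        for who, role, scope in assignments
        if who == principal and applies_to(scope, target_scope)
    )

if __name__ == "__main__":
    for target in (SUB, RG_APP, VM, RG_APP2):
        print(scope_level(target), target)
        for role, level in effective_roles("thor", target):
            print(f"    thor: {role} (assigned at {level})")
```

Reviewing output like this per principal is a quick way to spot where a broad subscription-level assignment already grants access that a narrower one was meant to control.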

Azure RBAC (Role Based Access Control)

  • Azure RBAC is an authorization system that provides fine-grained access management of Azure resources.
  • What can I do with RBAC?
    • Allow one user to manage Virtual Machines & another to manage virtual networks
    • Create a DBA group to manage SQL databases.
    • Allow an application access to all resources in a resource group
  • Security Principal:
    • A security principal is an object that represents a user, group, service principal or managed identity that is requesting access to Azure resources.
  • Service Principal: A security identity used by applications or services to access Azure resources. You can think of it as a user ID for an application.

Role definition

  • A role definition is a collection of permissions (simply put, it's a role).
  • How do I create a role definition to suit my organizational needs?

Next steps:

  • Understand built-in roles & how to create custom roles
  • Azure Policy
  • Azure AD Connect scenarios.
