Azure Classroom Series – 15/Apr/2021

Role Based Access Control (RBAC)

  • RBAC allows us to manage the entities, also referred to as security principals, that have access to Azure resources, and the actions those entities are allowed to perform on them.
  • How RBAC works:
    • Role assignments are the mechanism to control access to Azure resources using RBAC.
    • A role assignment consists of three elements
      • A security principal: the object that a role is assigned to. A security principal can be a
        • user
        • group (every member inherits the assignment)
        • service principal (an application identity; managed identities are a kind of service principal)
      • A role definition: the set of permissions that a role grants. A role definition contains
          • a list of permitted operations (Actions), written as provider/resource/operation strings such as Microsoft.Network/virtualNetworks/read, where * is a wildcard
          • a list of operations excluded from that set (NotActions); the role's effective permissions are Actions minus NotActions
        • Roles can be built-in or custom.
        • The basic built-in roles are
          • Owner: full access, including the right to assign roles to others
          • Contributor: full access to manage resources, but cannot assign roles
          • Reader: view resources only
          • User Access Administrator: manage user access to resources
        • For the full list of built-in roles, Refer Here
      • A scope: the boundary within which the access applies. Role assignments are inherited downwards, so a role assigned at a parent scope also applies to every child scope under it. There are four levels at which RBAC can be applied:
        • Management group
        • Subscription
        • Resource group
        • Resource

Scenario 1:

  • Create a user account for ram (a developer )
    • Developer should be able to create and manage resources
  • Create a user account for robert (a tester)
    • Tester should be able to view resources
  • create a user account for rahim (an admin)
    • Admin should be able to create, manage and allow access to other users
  • Steps:
    • Create the three users in Azure Active Directory.
    • Navigate to the subscription and assign the Contributor role to ram, Reader to robert and Owner to rahim. These are subscription-scope assignments, so they are inherited by every resource group and resource under the subscription.
    • Create two resource groups
      • resga
      • resgb
    • Create a storage account in resga.
    • Create a virtual network in resgb.
    • Log in to Azure using ram's credentials, navigate to resga and check the role assignments at the resource group level,
    • then at the resource level (the storage account). In both places ram's Contributor assignment is shown as inherited from the subscription.
    • Verify the same for the other accounts (rahim and robert).
  • Now log in with your own (administrator) account and give ram the Reader role at resgb.
  • Log in as ram again and verify the role assignments on resgb: both the Reader assignment made at this scope and the Contributor assignment inherited from the subscription are listed.
  • From ram's login, try to add something to the vnet (for example a subnet). The change succeeds. Azure role assignments are additive: adding a narrower Reader role at resgb does not take away the Contributor permissions ram inherits from the subscription. To actually restrict ram on resgb, the subscription-level Contributor assignment has to be removed (or re-created at the resga scope only).
  • JSON formats: to learn about the JSON and YAML file formats, Refer Here
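The following is an added example, not code from the classroom notes or from Microsoft. It models how the three elements of a role assignment (principal, role definition, scope) combine when Azure decides whether an operation is allowed, using the scenario above as data: ram, robert and rahim at subscription scope, plus the extra Reader assignment for ram on resgb. The subscription ID and resource names are made-up placeholders, the role definitions are abridged copies of the built-in Actions/NotActions lists, and the evaluation is a simplification (deny assignments, DataActions and conditions are not modelled). It demonstrates two things the steps above rely on: assignments are inherited down the scope hierarchy, and they are additive, so a narrower role at a child scope never subtracts from a broader role inherited from the parent.

```python
import re
from dataclasses import dataclass

# Abridged role definitions in the same Actions/NotActions shape Azure uses.
# The Contributor NotActions list is shortened to the entries that matter here.
ROLE_DEFINITIONS = {
    "Owner": {"Actions": ["*"], "NotActions": []},
    "Contributor": {
        "Actions": ["*"],
        "NotActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "User Access Administrator": {
        "Actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "NotActions": [],
    },
}


@dataclass(frozen=True)
class RoleAssignment:
    principal: str   # user, group or service principal name
    role: str        # key into ROLE_DEFINITIONS
    scope: str       # management group / subscription / resource group / resource path


def action_matches(pattern: str, action: str) -> bool:
    """Azure operation strings use '*' as the only wildcard; matching is case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def scope_covers(assignment_scope: str, resource_scope: str) -> bool:
    """An assignment applies at its own scope and at every child scope beneath it."""
    a = assignment_scope.lower().rstrip("/")
    r = resource_scope.lower().rstrip("/")
    return r == a or r.startswith(a + "/")


def role_permits(role: str, action: str) -> bool:
    """Effective permissions of one role = Actions minus NotActions."""
    definition = ROLE_DEFINITIONS[role]
    allowed = any(action_matches(p, action) for p in definition["Actions"])
    excluded = any(action_matches(p, action) for p in definition["NotActions"])
    return allowed and not excluded


def permitting_assignments(principal, action, resource_scope, assignments, group_memberships=None):
    """Return every assignment that, on its own, lets principal perform action on resource_scope.

    Assignments are additive: if this list is non-empty the operation is allowed,
    regardless of how many other (narrower) roles the principal also holds.
    """
    identities = {principal} | set((group_memberships or {}).get(principal, ()))
    return [
        ra for ra in assignments
        if ra.principal in identities
        and scope_covers(ra.scope, resource_scope)
        and role_permits(ra.role, action)
    ]


def is_allowed(principal, action, resource_scope, assignments, group_memberships=None) -> bool:
    return bool(permitting_assignments(principal, action, resource_scope, assignments, group_memberships))


# Constructed scenario data (placeholder subscription ID and resource names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RESGA = SUB + "/resourceGroups/resga"
RESGB = SUB + "/resourceGroups/resgb"
STORAGE = RESGA + "/providers/Microsoft.Storage/storageAccounts/stgresga"
VNET = RESGB + "/providers/Microsoft.Network/virtualNetworks/vnetresgb"

SCENARIO = [
    RoleAssignment("ram", "Contributor", SUB),     # developer
    RoleAssignment("robert", "Reader", SUB),       # tester
    RoleAssignment("rahim", "Owner", SUB),         # admin
    RoleAssignment("ram", "Reader", RESGB),        # the extra assignment added later
]

# The only way to stop ram writing to resgb is to take the broad assignment away.
RESTRICTED = [ra for ra in SCENARIO if not (ra.principal == "ram" and ra.role == "Contributor")]

if __name__ == "__main__":
    add_subnet = "Microsoft.Network/virtualNetworks/subnets/write"
    for who in ("ram", "robert", "rahim"):
        print(who, "can add a subnet to the vnet:", is_allowed(who, add_subnet, VNET, SCENARIO))
    print("ram with only Reader on resgb:", is_allowed("ram", add_subnet, VNET, RESTRICTED))
```

Running it prints that ram can still add a subnet despite the Reader assignment on resgb, because the Contributor assignment at the subscription is also in the permitting list; only RESTRICTED, where that assignment has been removed, makes the write fail. The same functions show why rahim can assign roles and ram cannot: Contributor's NotActions exclude Microsoft.Authorization/*/Write.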
