Azure Classroom Series – 15/Apr/2021

Role Based Access Control (RBAC)

  • RBAC allows us to manage the entities, also referred to as security principals, that have access to Azure resources, and the actions that those entities can perform.
  • How RBAC works:
    • Role assignments are the mechanism to control access to Azure resources using RBAC.
    • A role assignment consists of three elements
      • A security principal: These are objects that are associated with a role definition. A security principal can be a
        • user
        • group
        • Service Principal
      • A role definition: The specific permissions that are applied to a resource with RBAC are defined in a role definition
        • This contains
          • list of permissions
          • allowed/denied actions
        • Roles can be built-in or custom.
        • Basic built-in roles are
          • Owner
          • Contributor
          • Reader
          • User Access Administrator
        • Built-in roles: Refer Here
      • A scope: This is a logical boundary where access rights apply. There are four scopes at which RBAC can be applied
        • Management Group
        • Subscription
        • Resource Group
        • Resource

Scenario 1:

  • Create a user account for ram (a developer)
    • Developer should be able to create and manage resources
  • Create a user account for robert (a tester)
    • Tester should be able to view resources
  • Create a user account for rahim (an admin)
    • Admin should be able to create, manage and allow access to other users
  • Steps:
    • Create three users in Azure Active Directory
    • In this case, let's navigate to Subscriptions and assign the roles Contributor to ram, Reader to robert and Owner to rahim.
    • Create two resource groups
      • resga
      • resgb
    • Create a storage account in resga
    • Create a virtual network in resgb
    • Log in to Azure using ram’s credentials. Navigate to resga and check the role assignments at resource group level
    • Check the role assignments at resource level
    • Try verifying for the other accounts (rahim and robert)
  • Now log in to your Azure account and give Reader permission to ram at resgb
  • Now log in as ram and verify the role assignments
  • From ram’s login, try to add something to the vnet
  • JSON formats: To learn about JSON and YAML file formats, Refer Here
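
The last steps of the scenario depend on two RBAC rules: a role assignment is inherited by every scope below it, and assignments are additive. The following is an added example, not part of the original class notes, that models the assignments listed above with simplified built-in role definitions; the subscription ID and the vnet name `vnet1` are placeholders, and deny assignments and data actions are not modelled.

```python
from fnmatch import fnmatchcase

# Simplified built-in role definitions (the real ones list more NotActions).
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/Write",
                                    "Microsoft.Authorization/*/Delete"]},
    "Reader": {"actions": ["*/read"], "not_actions": []},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
RESGA = SUB + "/resourceGroups/resga"
RESGB = SUB + "/resourceGroups/resgb"
VNET = RESGB + "/providers/Microsoft.Network/virtualNetworks/vnet1"  # assumed name

# (principal, role, scope) triples from Scenario 1, as the notes list them.
ASSIGNMENTS = [
    ("ram", "Contributor", SUB),
    ("robert", "Reader", SUB),
    ("rahim", "Owner", SUB),
    ("ram", "Reader", RESGB),
]

def _matches(patterns, action):
    # Action strings are compared case-insensitively; "*" is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def in_scope(scope, resource_id):
    # An assignment applies at its scope and at everything below that scope.
    scope, resource_id = scope.lower().rstrip("/"), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")

def granting_roles(principal, action, resource_id, assignments=ASSIGNMENTS):
    """Return the (role, scope) assignments that allow the action."""
    hits = []
    for who, role, scope in assignments:
        d = ROLES[role]
        if (who == principal and in_scope(scope, resource_id)
                and _matches(d["actions"], action)
                and not _matches(d["not_actions"], action)):
            hits.append((role, scope))
    return hits

def is_allowed(principal, action, resource_id, assignments=ASSIGNMENTS):
    # Additive model: a single granting assignment is enough.
    return bool(granting_roles(principal, action, resource_id, assignments))
```

With the subscription-level Contributor assignment still in place, `is_allowed("ram", "Microsoft.Network/virtualNetworks/subnets/write", VNET)` is true, because the Reader assignment at resgb adds to ram's access and never reduces it. To make ram read-only in resgb, assign Contributor at resga instead of at the subscription.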
