Azure Classroom Series – 15/Apr/2021

Role Based Access Control (RBAC)

  • RBAC allows us to manage the entities, also referred to as security principals, that have access to Azure resources, and the actions those entities can perform
  • How RBAC works:
    • Role assignments are the mechanism to control access to Azure resources using RBAC.
    • A role assignment consists of three elements
      • A security principal: an object that is associated with a role definition. A security principal can be a
        • user
        • group
        • Service Principal
      • A role definition: the specific permissions that RBAC applies to a resource are defined in a role definition
        • This contains
          • a list of permissions
          • allowed/denied actions
        • Roles can be built-in or custom.
        • Basic built-in roles are
          • Owner
          • Contributor
          • Reader
          • User Access Administrator
        • Built-in roles: Refer Here
      • A scope: the logical boundary where access rights apply. There are four scopes at which RBAC can be applied; a role assigned at a higher scope is inherited by every scope beneath it
        • Management Group
        • Subscription
        • Resource Group
        • Resource

Scenario 1:

  • Create a user account for ram (a developer)
    • Developer should be able to create and manage resources
  • Create a user account for robert (a tester)
    • Tester should be able to view resources
  • Create a user account for rahim (an admin)
    • Admin should be able to create, manage and allow access to other users
  • Steps:
    • Create three users in Azure Active Directory
    • In this case, let's navigate to Subscriptions and assign the roles of Contributor to ram, Reader to robert and Owner to rahim.
    • Create two resource groups
      • resga
      • resgb
    • Create a storage account in resga
    • Create a virtual network in resgb
    • Log in to Azure using ram's credentials, navigate to resga and check the role assignments at the resource group level
    • Then check the role assignments at the resource level
    • Try verifying for other accounts (rahim and robert)
  • Now log in to your own Azure account and give Reader permission to ram at resgb
  • Now log in as ram and verify the role assignments
  • From ram's login, try to add something to the vnet
  • JSON formats: to learn about JSON and YAML file formats Refer Here
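The scenario above relies on two RBAC behaviours worth seeing explicitly: assignments are inherited down the scope hierarchy (ram's Contributor at the subscription also applies inside resga and resgb), and assignments are additive (the extra Reader at resgb never takes anything away). The following is an added model of that resolution, not code from the page or from Azure; the subscription id, the vnet name and the simplified role definitions are constructed for illustration.

```python
# Added example: a minimal model of Azure RBAC scope inheritance and additive
# role assignments for Scenario 1. Not Azure's own code; role definitions are
# simplified stand-ins for the real built-in roles.
from fnmatch import fnmatchcase

# Simplified built-in roles: Actions grant, NotActions subtract within the role
ROLES = {
    "Owner":       {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/Write",
                                    "Microsoft.Authorization/*/Delete"]},
    "Reader":      {"actions": ["*/read"], "not_actions": []},
}

# Constructed scope paths (placeholder subscription id, hypothetical vnet name)
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RESGA = SUB + "/resourceGroups/resga"
RESGB = SUB + "/resourceGroups/resgb"
VNET = RESGB + "/providers/Microsoft.Network/virtualNetworks/vnet1"

# Role assignments exactly as the lab makes them: (principal, role, scope)
ASSIGNMENTS = [
    ("ram", "Contributor", SUB),
    ("robert", "Reader", SUB),
    ("rahim", "Owner", SUB),
    ("ram", "Reader", RESGB),   # the extra assignment added later in the lab
]


def effective_roles(principal, scope):
    """Roles applying at `scope`: assigned there or at any ancestor scope."""
    return sorted({role for p, role, s in ASSIGNMENTS
                   if p == principal and (scope == s or scope.startswith(s + "/"))})


def role_allows(role, action):
    """Azure action names are case-insensitive, so compare lower-cased."""
    act = action.lower()
    defn = ROLES[role]
    if any(fnmatchcase(act, pat.lower()) for pat in defn["not_actions"]):
        return False
    return any(fnmatchcase(act, pat.lower()) for pat in defn["actions"])


def is_allowed(principal, action, scope):
    """Additive evaluation: allowed if any effective role permits the action."""
    return any(role_allows(r, action) for r in effective_roles(principal, scope))
```

Run it against the lab's checks: ram still holds Contributor inside resgb after the Reader assignment, so the write to the vnet succeeds, while neither Contributor nor Reader can create role assignments.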
