Azure Classroomnotes 08/Apr/2022

Azure Role Based Access Control (Azure RBAC)

  • Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.
  • Azure Security Principal:
    • This is an object that represents a user, a group, a service principal or a managed identity that is requesting access to Azure resources.
  • Role Definition:
    • This is a collection of permissions, typically called a role.
    • It lists the actions that can be performed, such as read, write and delete.
    • Azure has several built-in roles. Refer Here
  • Scope:
    • This is the set of resources that the access applies to (for example a management group, subscription, resource group or a single resource).
  • Role Assignment:
    • This is the process of attaching a role definition to a user/group/service principal/managed identity at a particular scope for the purpose of granting access.
  • Exercise: Give Reader access at the subscription level to the Developers group.
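The four pieces above (security principal, role definition, scope, role assignment) combine into a single access decision. The following Python model is an added example, not code from these notes or from Azure itself; the role definitions are abbreviated sample data modelled on Reader and Contributor, the subscription id is a placeholder, and the "Developers" group and "alice@example.com" are constructed. It reproduces the exercise: Reader assigned to the Developers group at subscription scope.

```python
import fnmatch
from dataclasses import dataclass

# Constructed sample role definitions (abbreviated, not the full built-in ones).
# notActions subtract from actions; they are not a deny rule.
ROLE_DEFINITIONS = {
    "Reader": {"actions": ["*/read"], "notActions": []},
    "Contributor": {
        "actions": ["*"],
        "notActions": ["Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/*/Delete"],
    },
}

@dataclass
class RoleAssignment:
    principal: str   # security principal: user, group, service principal or MI
    role: str        # role definition name
    scope: str       # e.g. /subscriptions/<sub-id>

def scope_covers(assignment_scope: str, resource_scope: str) -> bool:
    """An assignment applies at its scope and is inherited by everything beneath it."""
    a = assignment_scope.rstrip("/").lower()
    r = resource_scope.rstrip("/").lower()
    return r == a or r.startswith(a + "/")

def action_matches(pattern: str, action: str) -> bool:
    """Azure operation names are case-insensitive and '*' is a wildcard."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def role_permits(role: dict, action: str) -> bool:
    """Effective permissions of a role = actions minus notActions."""
    allowed = any(action_matches(p, action) for p in role["actions"])
    excluded = any(action_matches(p, action) for p in role["notActions"])
    return allowed and not excluded

def is_authorized(identities: set, assignments: list, action: str, resource_scope: str) -> bool:
    """Grant if any assignment for the principal (directly or via a group it belongs to)
    covers the resource scope with a role whose effective permissions include the action."""
    return any(ra.principal in identities
               and scope_covers(ra.scope, resource_scope)
               and role_permits(ROLE_DEFINITIONS[ra.role], action)
               for ra in assignments)

# The exercise: Reader for the Developers group at subscription scope (placeholder id).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGNMENTS = [RoleAssignment("Developers", "Reader", SUB)]
ALICE = {"alice@example.com", "Developers"}  # constructed user plus her group membership
VM = SUB + "/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1"
```

Reading the VM is allowed for Alice through the group assignment inherited from the subscription, while writing it is not, because Reader's `*/read` never matches a write operation.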

Understanding Azure Role Definitions

  • A role definition has the following properties.
  • Sample built-in role definition for Contributor in JSON format (the contents of the assignableScopes, actions and notActions arrays are truncated in these notes):
    {
        "id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
        "properties": {
            "roleName": "Contributor",
            "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
            "assignableScopes": [],
            "permissions": [
                {
                    "actions": [],
                    "notActions": [],
                    "dataActions": [],
                    "notDataActions": []
                }
            ]
        }
    }

