Azure Role Based Access Control (Azure RBAC)
Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. It has four building blocks:
- Security Principal
- This is an object that represents a user, a group, a service principal or a managed identity that is requesting access to Azure resources
- Role Definition
- This is a collection of permissions, typically called a role
- It lists the actions that can be performed, such as read, write and delete; the effective permissions of a role are its Actions minus its NotActions
- Azure has several built-in roles (Owner, Contributor, Reader and many service-specific ones); refer to the Azure documentation for the full list
- Scope
- This is the set of resources that the access applies to: a management group, a subscription, a resource group or an individual resource. An assignment at a scope is inherited by every child scope beneath it
- Role Assignment
- This is the process of attaching a role definition to a user/group/service principal/managed identity at a particular scope for the purpose of granting access
- Exercise: Give Reader access at the subscription level to the Developers group
Understanding Azure Role Definitions
- A role definition has a fixed set of properties: Name, Id, IsCustom, Description, Actions, NotActions, DataActions, NotDataActions and AssignableScopes
- Sample built-in role definition for Contributor in JSON format:
"description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",