Azure Active Directory
- Let's create the following groups:
  - Avengers: this group should have the following users:
    - ironman
    - thor
    - hulk
    - vision
  - Justice League:
    - batman
    - wonderwoman
    - superman
    - flash
- Let's give Reader access to Avengers and Justice League at the subscription level.
- Let's create a resource group called SHEILD, where Avengers have Contributor access.
- Give Owner access on the SHEILD resource group to thor.
- Now let's log in as thor.
  - Thor is able to perform any operation on the SHEILD resource group.
  - Thor can only read in any other resource group.
- Now let's log in as wonderwoman.
- Let's see if we can do anything to hide SHEILD from Justice League.
- In Azure, when we want to give custom role assignments, we are expected to create custom roles, which are defined as JSON files.
- Exercise: JSON and YAML Tutorial Refer Here
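- Let's create a resource (VNet) in the SHEILD resource group.
- Let's give Reader access to hulk and check whether he can delete it or not.
- Now let's log in as hulk and try deleting the VNet. Hulk is able to delete it: Azure role assignments are additive, so the Reader assignment does not reduce the Contributor access hulk already has on SHEILD through the Avengers group.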
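
The walkthrough above as a small model of Azure RBAC evaluation, showing why hulk can still delete the VNet after being given Reader. This is an added example, not part of the original notes and not Azure's own code. It assumes a placeholder subscription ID, hypothetical names `vnet1` and `other-rg`, an abbreviated Contributor definition, and no deny assignments.

```python
from fnmatch import fnmatchcase

# Built-in roles, abbreviated (Contributor has further NotActions in Azure).
ROLES = {
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "Contributor": {"Actions": ["*"], "NotActions": [
        "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write"]},
    "Owner": {"Actions": ["*"], "NotActions": []},
}
GROUPS = {
    "Avengers": {"ironman", "thor", "hulk", "vision"},
    "Justice League": {"batman", "wonderwoman", "superman", "flash"},
}
SUB = "/subscriptions/SUBSCRIPTION-ID-PLACEHOLDER"
SHEILD = SUB + "/resourceGroups/SHEILD"
OTHER_RG = SUB + "/resourceGroups/other-rg"  # hypothetical second resource group
VNET = SHEILD + "/providers/Microsoft.Network/virtualNetworks/vnet1"  # hypothetical name

ASSIGNMENTS = [  # (principal, role, scope), in the order the notes create them
    ("Avengers", "Reader", SUB),
    ("Justice League", "Reader", SUB),
    ("Avengers", "Contributor", SHEILD),
    ("thor", "Owner", SHEILD),
    ("hulk", "Reader", SHEILD),
]

def _matches(patterns, action):
    """Case-insensitive wildcard match of an action against role patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def granting_roles(user, action, resource):
    """List the assignments that allow `action` for `user` on `resource`."""
    principals = {user} | {g for g, members in GROUPS.items() if user in members}
    target, granted = resource.lower(), []
    for principal, role, scope in ASSIGNMENTS:
        scope = scope.lower()
        # An assignment applies at its scope and is inherited by everything below it.
        inherited = target == scope or target.startswith(scope + "/")
        role_def = ROLES[role]
        if (principal in principals and inherited
                and _matches(role_def["Actions"], action)
                and not _matches(role_def["NotActions"], action)):
            granted.append(f"{role} via {principal}")
    return granted  # additive: one granting assignment is enough

if __name__ == "__main__":
    delete = "Microsoft.Network/virtualNetworks/delete"
    for user in ("hulk", "thor", "wonderwoman"):
        print(user, "delete vnet ->", granting_roles(user, delete, VNET) or "denied")
```

An empty list means no assignment grants the action. To make hulk read-only on SHEILD, remove him from Avengers or narrow the group's Contributor assignment, since adding a weaker role changes nothing.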