Azure Classroomnotes 26/Aug/2022

Custom Roles in Azure

Scenario-3: Give a group/user access to perform any database and VM operations, but not to delete the VMs or databases.

  • When defining Azure custom roles, ensure we stay within the limits Refer Here
  • Refer Here for the steps recommended by Microsoft to create a custom role
  • Resource Providers
    • Virtual Machines => Microsoft.Compute
    • Azure SQL => Microsoft.Sql
  • Operations for deletion
    • VM => Microsoft.Compute/virtualMachines/delete
    • Azure SQL => Microsoft.Sql/servers/delete
  • Now let's create a custom role using the portal Refer Here
  • Let's assume the assignable scope is the subscription
  • Refer Here for the changes with the RBAC policy.
  • Assign this policy to the user at the subscription level
  • Test:
    • Create an Azure SQL DB from your user account
    • Create a VM from your user account
    • Now log in as the new user with the policy 3 permission and try:
      • Stop the VM => This should work
      • Delete the VM => This should fail
      • Delete the SQL Server => This should fail
        Refer Here
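
The Scenario-3 role and its test matrix can be checked offline before assigning anything. The sketch below is an added example, not the role definition from the class: the role name, description and subscription ID are assumptions, and the evaluator only models the control-plane rule that effective permissions are Actions minus NotActions.

```python
import json
import re

# Placeholder subscription ID (constructed); replace with your own.
SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000000"

# Hypothetical role definition for Scenario 3, in the JSON shape accepted by
# `az role definition create --role-definition @role.json`.
ROLE = {
    "Name": "VM and SQL Operator (no delete)",  # assumed name
    "Description": "All Microsoft.Compute and Microsoft.Sql operations except delete.",
    "Actions": ["Microsoft.Compute/*", "Microsoft.Sql/*"],
    "NotActions": [
        "Microsoft.Compute/virtualMachines/delete",
        "Microsoft.Sql/servers/delete",
    ],
    "AssignableScopes": [SUBSCRIPTION],
}


def _matches(pattern, operation):
    """Case-insensitive match where '*' in the pattern stands for any string."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_allowed(role, operation):
    """Effective control-plane permission: in Actions and not in NotActions."""
    granted = any(_matches(p, operation) for p in role["Actions"])
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return granted and not excluded


def scenario3_matrix(role):
    """Evaluate the operations exercised in the Scenario 3 test."""
    operations = [
        "Microsoft.Compute/virtualMachines/deallocate/action",  # stop the VM
        "Microsoft.Compute/virtualMachines/delete",
        "Microsoft.Sql/servers/delete",
        "Microsoft.Sql/servers/databases/delete",  # not listed in NotActions
    ]
    return {op: is_allowed(role, op) for op in operations}


if __name__ == "__main__":
    for op, allowed in scenario3_matrix(ROLE).items():
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {op}")
    print(json.dumps(ROLE, indent=2))  # save as role.json for the az CLI
```

With only the two delete operations listed above, deleting an individual database (Microsoft.Sql/servers/databases/delete) is still allowed, so add it to NotActions if databases must be protected as well as servers. NotActions only subtracts from this role's own Actions and is not a deny: a user who also holds another role that grants the delete operation can still delete.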

Scenario 4: Create a policy which allows users to do anything on any service but not stop VMs

  • Refer Here for the changes done.
  • Test this policy

Scenario 5: Exercise:

  • Create a custom RBAC role with Contributor permissions, but the user/group should not be able to delete
    • Virtual Machines
    • Disks
    • SQL Databases
    • SQL Servers
    • Storage Accounts
    • Azure Kubernetes Cluster
