Scenario 5: Exercise:
- Create a custom rbac with contributor permissions but user/group should not be able to delete
- Virtual Machines
- Disks
- SQL Databases
- SQL Servers
- Storage Accounts
- Azure Kubernetes Cluster
- Refer Here for the policy
- Note: We have observed the issue when there are inherited roles from above level conflicting with roles at current level. So we need to check out with deny assignments which have more priority than role assignments.
Creating, Updating and listing policies using Azure CLI
- Install Azure CLI Refer Here
- Refer Here For installing Azure CLI and Powershell
- Azure CLI Commands will be in the format of
az <service> [sub-service] <action> [args]
az group list
az group delete
az sql create
- Since we are working with roles Refer Here
- CLI Commands by default return json, but other formats such as table are also supported
* For better CLI output formatting use json tree viewers Refer Here