Azure AD Roles

• Azure AD Roles are used to manage users and permissions in managing users. These roles when attached to a user can help in managing only Azure AD (and other identities)
• Roles that can be attached to user in Azure AD
  
• Lets assign a role to the user created in last class
  

Azure Roles

• Azure Roles are used to provide access on Azure Resources in subscriptions
• Azure Roles define a particular access to azure resources
• Azure Roles can be assigned at
  • Subscription Level:
    • Role applied at this level gives access across subscription
    • Role applied at this level will be shown as inherited role in child levels (Resource Group and Resource)
  • Resource Group Level
    • Role applied at this level gives access across resource group
  • Resource Level:
    • Role applied at this level gives access for a resource
• Azure has followign basic roles
  • Owner:
    • This represents
      • full access to perform any operation (Read, Modify, Create, Delete)
      • giving access to other users
  • Reader
    • This represents viewing (Reading)
  • Contributor
    • This represents
      • full access to perform any operation (Read, Modify, Create, Delete)
  • Azure Creates lots of other roles for convinience like Storage Account Owner, Storage Account Reader, Storage Account Contributor, Virtual Machine Contributor etc… These roles are referred as builtin roles Refer Here

Exercise

• Create two users (Ram, Bheem)
• At the subscription level give permission to Ram as Owner and Bheem as Reader.
• Login in as Ram and create a new Resource Group
• Try the same for bheem
• Create a Group Avengers and Justice League
• Avengers Users:
  • Ironman
  • Thor
  • SpiderMan
• Justice league
  • Superman
  • Batman
  • Wonderwoman
• Give Role assignment of Contributor to avengers at subscription level and Reader at subscription level to Justice League
• Now verify the access by signing in as any superhero