Azure Active Directory
Create a user and give him permission only on one resource group
- When you create azure account, a default tenant will be created.
- Each tenant will have unique tenant id and primary domain
<name>..onmicrosoft.com. - Every user created will have id
<username>@<primarydomain>
admin@qtkhajadevopsgmail.onmicrosoft.com
- We can do map our organization domain name by doing some extra steps (will be discussed later)
admin@qualitythought.in
- Lets create a user called as
dell
- The user name is
dell@qtkhajadevopsgmail.onmicrosoft.com - Now open a different browser of launch inprivate/incognito and navigate to portal.azure.com
- So far our steps have lead to authentication in Azure
- Now lets authorize the user
- by giving read permissions at subscription level
- IN Azure the permission given at subscription level drills down to all resource groups and resources and the permissions given to the resource group applies to all resources in resource group
- We can apply permission as of now at
- subscription level
- resource group level
- resoure level
- Now go back to root user => subscriptions => Select your subscription
- Now login in as dell
- As we have experimented this user has only read permissions, now lets give permision to this user on resource group
audiio - Login in as owner account, Navigate to resource group
- Now lets check access
Exercise
- JSON: Refer Here
- Windows: Refer Here for installing necessary softwares
