Scenario –
- I have to create 3 types of users
  - Developers
  - QA
  - admin
- The permission is scoped at subscription level
- Developers should be able to create and modify, but not delete
  - network
  - storage
  - virtual machines
- QA should be able to view all, but not update
- admin should be able to do anything
Solution
- Create 3 groups
  - Developer
  - Admin
  - QA
- Create a test user to check the access
- Let's create a JSON file with permissions. This process is referred to as Custom RBAC (Role-Based Access Control)
  - Refer Here for the example
  - Refer Here for the list of built-in roles
- Let's create a custom RBAC role from the Azure portal: Refer Here
- We have created a custom role and are then checking it with the test user
  - Developer
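
An added example, not part of the original notes: a constructed Developer role in the JSON layout Azure custom roles use, with a simplified model of how `Actions` minus `NotActions` is evaluated, so the "create and modify, but not delete" rule can be checked before assigning the role. The role name, the subscription ID placeholder and the helper functions are assumptions made for illustration.

```python
import json
import re

# Constructed role definition; the name and subscription ID are placeholders.
DEVELOPER_ROLE = {
    "Name": "Developer (example)",
    "IsCustom": True,
    "Description": "Create and modify network, storage and VMs; no delete.",
    "Actions": [
        "Microsoft.Network/*",
        "Microsoft.Storage/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
    ],
    "NotActions": [
        "Microsoft.Network/*/delete",
        "Microsoft.Storage/*/delete",
        "Microsoft.Compute/*/delete",
    ],
    "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
}


def _matches(pattern, operation):
    # Simplified model (assumption): '*' is the only wildcard and
    # operation names compare case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_allowed(role, operation):
    """Effective permission of one role: Actions minus NotActions."""
    granted = any(_matches(p, operation) for p in role["Actions"])
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return granted and not excluded


if __name__ == "__main__":
    print(json.dumps(DEVELOPER_ROLE, indent=2))  # content for the role JSON file
    for op in ("Microsoft.Compute/virtualMachines/write",
               "Microsoft.Compute/virtualMachines/delete",
               "Microsoft.Network/virtualNetworks/subnets/delete",
               "Microsoft.Storage/storageAccounts/read"):
        print(f"{op}: {'allow' if is_allowed(DEVELOPER_ROLE, op) else 'deny'}")
```

`NotActions` only subtracts from this role's own `Actions`; it is not a deny rule, so a second role assignment that grants a delete operation to the same user would still allow it.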
Exercise:
- Based on this, create the admin role from the portal.