Azure AD (Microsoft Entra ID), contd.
- A role in Azure is a named set of permissions. Azure has two separate role systems, covered below: Azure AD (directory) roles and Azure RBAC roles.
Azure AD Roles
- While creating a user in Azure AD we get a Role option, which assigns a directory role to the new user (the default is the plain User role).

- These roles are about permissions on the tenant (directory) itself: users, groups, app registrations and directory settings. They do not, by themselves, grant access to Azure resources such as VMs or storage accounts.
- Refer Here for the available roles
AZURE RBAC (Role Based Access Control)
- These roles can be assigned at 4 levels (scopes), from broadest to narrowest:
  - management group
  - subscription level
  - resource group level
  - resource level
- This is about permissions on Azure resources (the control plane: creating, configuring and deleting resources).
- A role only takes effect through a role assignment: a role definition bound to a security principal (user, group, service principal or managed identity) at one of these scopes. An assignment is inherited by every child scope, so Owner on a subscription means Owner on every resource group and resource inside it.
Azure Roles:
- Overview

- In Azure Roles, Refer Here
- Owner has full permissions on every resource in the scope and can also give permissions to other users (it keeps the Microsoft.Authorization write actions).
- Contributor has full permissions to create and manage resources in the scope but cannot give permissions to other users (the Microsoft.Authorization write and delete actions are excluded as notActions).
- Reader has read permissions only (*/read) and cannot change anything.
- Azure comes with built-in roles. Refer Here for the full list of roles provided by Microsoft.
- Azure also allows us to create our own roles (custom roles) when the built-in ones grant more than a task needs.
Scenario: Understanding inherited role assignments
- Overview

- Create a user or take any existing user (this test user has no Azure role assignments yet).
- Log in as the subscription owner (Azure has no "root user"; the account that created the subscription holds the Owner role on it) and create a storage account:
  - resource group
  - resource (the storage account inside that resource group)
- Give the test user the Owner role at the resource group level, log in as that user and try changing some value in the storage account. The change succeeds even though nothing was assigned on the storage account itself, because the assignment is inherited from the resource group.

- Now let's view access at the resource group and at the resource level (Access control (IAM) > Role assignments). At the resource group the assignment is listed with scope "This resource"; at the storage account the same assignment appears again, marked as inherited from the resource group.

- Role definitions are written in JSON (actions, notActions, dataActions, notDataActions and assignableScopes). The JSON shown in the portal and the JSON printed by the CLI (`az role definition list`) have slightly different shapes: the portal nests the fields under "properties", while the CLI prints them flat.
- Next Steps:
  - understand JSON
  - understand JMESPath (the query language behind the Azure CLI --query option)
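The scenario above (Owner assigned at the resource group, a change attempted on the storage account) and the Owner/Contributor/Reader distinctions, worked through offline. This is an added example, not part of the original notes and not Microsoft tooling: the role definitions are constructed, trimmed copies in the flat JSON shape that `az role definition list` prints, and the subscription id, resource names and principal ids are placeholders. It shows why the change succeeds with no assignment on the storage account itself, why Contributor cannot grant access, and that Owner's control-plane `*` does not reach data-plane operations.

```python
"""Offline model of how Azure RBAC decides a request: a role assignment made
at one scope is inherited by every child scope, and a role definition grants
the patterns in `actions` minus those in `notActions` (separately for the
control plane and, via dataActions/notDataActions, the data plane).
Added example with constructed data; not the page's or Microsoft's code."""
import json
import re

# Constructed, trimmed role definitions in the flat Azure CLI JSON shape.
# Real definitions carry more fields (id, name, type, assignableScopes, ...).
ROLE_DEFINITIONS_JSON = """
[
  {"roleName": "Owner", "roleType": "BuiltInRole",
   "permissions": [{"actions": ["*"], "notActions": [],
                    "dataActions": [], "notDataActions": []}]},
  {"roleName": "Contributor", "roleType": "BuiltInRole",
   "permissions": [{"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/Delete",
                                   "Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/elevateAccess/Action"],
                    "dataActions": [], "notDataActions": []}]},
  {"roleName": "Reader", "roleType": "BuiltInRole",
   "permissions": [{"actions": ["*/read"], "notActions": [],
                    "dataActions": [], "notDataActions": []}]}
]
"""
ROLES = {r["roleName"]: r for r in json.loads(ROLE_DEFINITIONS_JSON)}

# Placeholder scopes for the scenario (subscription id and names are made up).
SUB_ID = "00000000-0000-0000-0000-000000000000"
RG_SCOPE = f"/subscriptions/{SUB_ID}/resourceGroups/rbac-demo-rg"
STORAGE_SCOPE = RG_SCOPE + "/providers/Microsoft.Storage/storageAccounts/rbacdemosa"
OTHER_RG_SCOPE = f"/subscriptions/{SUB_ID}/resourceGroups/other-rg"

# The scenario's single assignment: the test user gets Owner on the resource group.
ASSIGNMENTS = [
    {"principalId": "alice-object-id", "roleDefinitionName": "Owner", "scope": RG_SCOPE},
]


def action_matches(pattern: str, operation: str) -> bool:
    """Azure permission strings are case-insensitive and '*' matches any run
    of characters including '/', so a bare '*' covers every operation."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(role_name: str, operation: str, data: bool = False) -> bool:
    """Effective permission = allowed patterns minus excluded patterns.
    notActions only subtracts from this role; it is not a deny that beats
    other assignments. data=True checks dataActions/notDataActions, so an
    Owner's control-plane '*' does not grant blob or queue data access."""
    allow_key, deny_key = ("dataActions", "notDataActions") if data else ("actions", "notActions")
    for perm in ROLES[role_name]["permissions"]:
        allowed = any(action_matches(p, operation) for p in perm[allow_key])
        excluded = any(action_matches(p, operation) for p in perm[deny_key])
        if allowed and not excluded:
            return True
    return False


def scope_covers(assignment_scope: str, target_scope: str) -> bool:
    """An assignment applies at its own scope and at every scope beneath it.
    Path-prefix matching models subscription -> resource group -> resource;
    management-group inheritance follows the MG tree rather than the path
    string and is deliberately left out of this model."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")


def is_authorized(assignments, principal_ids, operation, target_scope, data=False) -> bool:
    """principal_ids: the caller's object id plus the ids of its groups, since
    an assignment to a group applies to every member. One matching assignment
    is enough: Azure RBAC is additive (deny assignments are not modelled)."""
    return any(
        a["principalId"] in principal_ids
        and scope_covers(a["scope"], target_scope)
        and role_allows(a["roleDefinitionName"], operation, data)
        for a in assignments
    )


if __name__ == "__main__":
    alice = {"alice-object-id"}
    write_sa = "Microsoft.Storage/storageAccounts/write"
    # Inherited from the resource group: no assignment exists on the account itself.
    print("alice can change the storage account:",
          is_authorized(ASSIGNMENTS, alice, write_sa, STORAGE_SCOPE))
    # A sibling resource group is not beneath the assignment scope.
    print("alice can change other-rg resources:",
          is_authorized(ASSIGNMENTS, alice, write_sa, OTHER_RG_SCOPE))
    # Owner and Contributor differ only in the Microsoft.Authorization actions.
    grant = "Microsoft.Authorization/roleAssignments/write"
    print("Owner can assign roles:", role_allows("Owner", grant))
    print("Contributor can assign roles:", role_allows("Contributor", grant))
```

To compare the model with a real tenant, `az role definition list --name Contributor` prints the real notActions list for Contributor, and `az role assignment list --scope <storage-account-resource-id> --include-inherited` lists the resource-group assignment as it appears from the storage account's point of view.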
