Azure Classroom notes 19/Dec/2023

Azure Management Groups

  • Refer Here for Management Groups, which are used to effectively govern multiple subscriptions.

Azure RBAC Roles

  • Azure uses RBAC (Role Based Access Control) to authorize permissions on resources.
  • Note: we have already understood inherited role assignments.
  • Let's view a role.
  • Azure built-in roles – Owner
{
    "id": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "properties": {
        "roleName": "Owner",
        "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
        "assignableScopes": [
            "/"
        ],
        "permissions": [
            {
                "actions": [
                    "*"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • Now let's look at the JSON of Reader
{
    "id": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
    "properties": {
        "roleName": "Reader",
        "description": "View all resources, but does not allow you to make any changes.",
        "assignableScopes": [
            "/"
        ],
        "permissions": [
            {
                "actions": [
                    "*/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • An Azure role is a JSON document with the following components
    • scope (assignableScopes): where the role can be applied
      • management group
      • subscription
      • resource group
      • resource
    • actions: the management-plane activities that are allowed
    • notActions: the activities that are denied (subtracted from the allowed actions)
    • dataActions: TBD
    • notDataActions: TBD

Activity 1

  • Ensure you have a user
  • Using the root user or an Owner account, create a resource group and then create
    • virtual network
    • storage account
  • Now assign the user the role of Storage Account Contributor at subscription level
  • View the resources in the resource group
  • Try creating a vnet

Activity 2:

  • Ensure the user has permissions to do any activity on the storage account and read permissions on the others
  • Exercises:

    • Delete all existing role assignments for the user
    • Give the user the permission to create virtual machines in resource group test and not in other resource groups.
    • Give the user the permission to view all the resources in the subscription
    • In resource group test, also give permission to do anything in the virtual network
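To see how the role JSON components above (actions, notActions, assignable scope) combine into an allow/deny decision, and why the Activity 1 user can write storage accounts but not create a vnet, here is an added example evaluator that is not part of the notes or of Azure. Owner and Reader are the built-ins quoted above; the Storage Account Contributor definition is an abbreviated constructed subset, the "no delete" custom role, the subscription id and the resource ids are hypothetical.

```python
from fnmatch import fnmatchcase

# Role definitions in the shape of the "permissions" entries shown in the notes.
# Owner and Reader are the built-ins quoted above; STORAGE_CONTRIBUTOR is an
# abbreviated, constructed subset of the built-in, and STORAGE_NO_DELETE is a
# hypothetical custom role that exists only to show how notActions behaves.
OWNER = {"roleName": "Owner", "actions": ["*"], "notActions": []}
READER = {"roleName": "Reader", "actions": ["*/read"], "notActions": []}
STORAGE_CONTRIBUTOR = {
    "roleName": "Storage Account Contributor (abbreviated)",
    "actions": ["Microsoft.Storage/storageAccounts/*",
                "Microsoft.Resources/subscriptions/resourceGroups/read"],
    "notActions": [],
}
STORAGE_NO_DELETE = {
    "roleName": "Storage Operator No Delete (hypothetical custom role)",
    "actions": ["*/read", "Microsoft.Storage/*"],
    "notActions": ["Microsoft.Storage/storageAccounts/delete"],
}

def _matches(patterns, operation):
    # Operation names are case-insensitive; a '*' spans '/' segments, which is
    # exactly what fnmatch's '*' does, so "*/read" matches any provider's read.
    return any(fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def role_allows(role, operation):
    """Granted when some 'actions' entry matches and no 'notActions' entry does.
    notActions only subtracts from this role; it does not deny other assignments."""
    return _matches(role["actions"], operation) and not _matches(role["notActions"], operation)

def in_scope(assignment_scope, resource_id):
    """An assignment covers its own scope and everything beneath it (inheritance)."""
    s, r = assignment_scope.lower().rstrip("/"), resource_id.lower().rstrip("/")
    return r == s or r.startswith(s + "/")

def is_allowed(assignments, resource_id, operation):
    """Azure RBAC is additive: allowed if any in-scope assignment grants the operation."""
    return any(in_scope(a["scope"], resource_id) and role_allows(a["role"], operation)
               for a in assignments)

# Activity 1 scenario (constructed ids): Storage Account Contributor at subscription scope.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/test"
VNET = RG + "/providers/Microsoft.Network/virtualNetworks/vnet1"
ACTIVITY1 = [{"role": STORAGE_CONTRIBUTOR, "scope": SUB}]

if __name__ == "__main__":
    print("create storage:", is_allowed(ACTIVITY1, RG, "Microsoft.Storage/storageAccounts/write"))
    print("create vnet:   ", is_allowed(ACTIVITY1, VNET, "Microsoft.Network/virtualNetworks/write"))
```

The last assertion in the exercises of Activity 2 (full rights in resource group test only) is the scope check: an assignment on resource group test does not reach resource group other.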
