Azure RBAC Roles continued
Activity 3: Create a role for a user to have all read permissions and create networks but not delete networks.
{
  "properties": {
    "roleName": "activity3",
    "description": "to have all read permissions and create network but not delete network",
    "assignableScopes": ["/subscriptions/{your-subscription-id}"],
    "permissions": [
      {
        "actions": [
          "*/read",
          "Microsoft.Network/virtualNetworks/write",
          "Microsoft.Resources/deployments/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
The same role in the format accepted by the Azure CLI (az role definition create):
{
  "Name": "activity3",
  "IsCustom": true,
  "Description": "",
  "Actions": [
    "*/read",
    "Microsoft.Network/virtualNetworks/write",
    "Microsoft.Resources/deployments/*"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/{your-subscription-id}"
  ]
}
Activity 4: Create a role for a user to perform all actions except delete actions.
{
  "properties": {
    "roleName": "activity4",
    "description": "",
    "assignableScopes": ["/subscriptions/{your-subscription-id}"],
    "permissions": [
      {
        "actions": ["*"],
        "notActions": ["*/delete"],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
- Effective permissions = Actions – NotActions (NotActions only subtracts from what this role's Actions grant; it is not a deny that overrides other role assignments)
Create a role with any name to give all actions on virtual networks in a specific resource group.
- Actions: Microsoft.Network/virtualNetworks/*, */read, Microsoft.Resources/deployments/*
- Scope: the assignable scope is now a resource group rather than the subscription
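To see how the effective-permissions rule above plays out for the roles in these activities, here is an added Python example (not code from the page) that evaluates a role definition offline; the resource group name and scopes it uses are constructed placeholders.

```python
"""Offline check of an Azure RBAC custom role: Effective = Actions - NotActions.

Added example, not code from the page. Azure's '*' wildcard in an operation
name matches any characters, including '/', and operation names are
compared case-insensitively; a role assignment covers its scope and every
scope beneath it. Role and scope names below are constructed placeholders.
"""
import re


def _matches(pattern: str, operation: str) -> bool:
    # Turn an Azure action pattern such as "*/delete" into an anchored regex.
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def is_allowed(role: dict, operation: str) -> bool:
    """Allowed if some Action grants the operation and no NotAction removes it."""
    perms = role["properties"]["permissions"]
    granted = any(_matches(a, operation) for p in perms for a in p["actions"])
    excluded = any(_matches(n, operation) for p in perms for n in p["notActions"])
    return granted and not excluded


def scope_covers(assignment_scope: str, resource_scope: str) -> bool:
    """True when the resource sits at, or below, the scope the role was assigned at."""
    prefix = assignment_scope.rstrip("/").lower() + "/"
    return (resource_scope.rstrip("/").lower() + "/").startswith(prefix)


# Activity 4 from the page: everything except delete, at subscription scope.
ACTIVITY4 = {"properties": {"roleName": "activity4",
    "assignableScopes": ["/subscriptions/{your-subscription-id}"],
    "permissions": [{"actions": ["*"], "notActions": ["*/delete"],
                     "dataActions": [], "notDataActions": []}]}}

# Virtual-network role scoped to a resource group (rg-network is a constructed name).
RG_SCOPE = "/subscriptions/{your-subscription-id}/resourceGroups/rg-network"
VNET_RG_ROLE = {"properties": {"roleName": "vnet-rg-admin", "assignableScopes": [RG_SCOPE],
    "permissions": [{"actions": ["Microsoft.Network/virtualNetworks/*", "*/read",
                                 "Microsoft.Resources/deployments/*"],
                     "notActions": [], "dataActions": [], "notDataActions": []}]}}

if __name__ == "__main__":
    # "*" minus "*/delete" still leaves role-assignment writes allowed, so an
    # activity4 holder can grant further roles; review such roles for that.
    for op in ("Microsoft.Network/virtualNetworks/delete",
               "Microsoft.Authorization/roleAssignments/write"):
        print(op, is_allowed(ACTIVITY4, op))
```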
As of now, we can create users, groups and roles, and assign roles to users to grant specific permissions on Azure using RBAC.
Figure out the following:
- How many custom roles can you add?
- What is a client ID in Azure and where do we use it?
- What is federation in identity systems?
- Single sign-on (SSO)