Azure
- In Azure We have users and groups managed by Tenants. Microsoft Entra is Tenant (Formerly Azure AD)
- While creating Resources we need to provide
- subscription
- Resource Group
- Users can be assigned permission with RBAC (Role based access control) at subscription level, Resource Group level and Resource level
- In Azure, if we give access at parent level, it will be inherited in child level
- We have other levels where we can assign permissions at management group level Refer Here
- The Microsoft Entra Id Tenant is used not only for Azure, But for also office 365
Management Group Creation
User Creation
- In Azure, Every subscription will have unique subscription-id and Every tenant will have unique Tenant id
- Open Microsoft Entra in your azure portal
- Make a note of
- name
- tenant id in your azure account
- Now try creating a user
- This user exists at Tenant level i.e Microsoft Entra ID level and will not be associated with any subscriptions by default
- If we want to give this user access to azure resources we need to perform an extra step of Role Assignment
- Azure Gives lots of built in roles
- Generic
- Reader: Readonly access
- Contributor: Full access but cannot give permissions to others
- Owner: Full access + give permissions to others
- Service Specific
- Storage Contributor
- ACR Pull
- ..
- Generic
- Lets assign reader permission to user1
