Role Based Access Control in Microsoft Azure
Last Updated: 03 Apr, 2023
Prerequisite: Azure
Azure role-based access control is an access management system built on Azure Resource Manager that gives specific users fine-grained access to specific resources.
Role Assignment
Role assignment allows us to grant specific users access to specific resources at specific levels. This forms the backbone of Azure Role-Based Access Control or Azure RBAC.
RBAC is required to control access to the resources under your jurisdiction, so that the relevant people are able to access the resources they require.
Role Assignment = Role definition + Security Principal + Scope
Role Definition or Azure Roles
A role definition (also called an Azure role) is a group of actions that a particular entity can perform. It is the set of permissions required to work with resources in the Azure portal. A basic role definition looks like the following (in Azure PowerShell):
{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Lets you manage everything except access to resources.",
  "Actions": [
    "*"
  ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/"
  ]
}
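How the Actions and NotActions lists of this definition combine can be checked offline. The PowerShell below is an added example, not part of the original article; Test-RoleAllowsAction is a hypothetical helper (not an Az cmdlet) and the list of operations is constructed sample input.

```powershell
# Added example: evaluate control-plane operations against a role definition's
# Actions / NotActions lists. Runs offline; the Az module is not required.

# The Contributor definition shown above, trimmed to the fields used here.
$roleJson = @'
{
  "Name": "Contributor",
  "Actions": [ "*" ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ]
}
'@
$role = $roleJson | ConvertFrom-Json

function Test-RoleAllowsAction {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Role,
        [Parameter(Mandatory)] [string] $Action
    )
    # -like is case-insensitive and treats * as a wildcard, which is how the
    # patterns in the definition are written.
    $granted  = @($Role.Actions    | Where-Object { $Action -like $_ })
    $excluded = @($Role.NotActions | Where-Object { $Action -like $_ })

    [pscustomobject]@{
        Action     = $Action
        # Allowed only if some Actions pattern matches and no NotActions pattern does.
        Allowed    = ($granted.Count -gt 0) -and ($excluded.Count -eq 0)
        ExcludedBy = $excluded -join ', '
    }
}

# Constructed sample operations: two resource operations and three
# Microsoft.Authorization operations.
$sampleActions = @(
    'Microsoft.Compute/virtualMachines/start/action',
    'Microsoft.Storage/storageAccounts/delete',
    'Microsoft.Authorization/roleAssignments/write',
    'Microsoft.Authorization/roleAssignments/read',
    'Microsoft.Authorization/elevateAccess/action'
)
$sampleActions |
    ForEach-Object { Test-RoleAllowsAction -Role $role -Action $_ } |
    Format-Table -AutoSize
```

NotActions only subtracts from what this one role grants; it is not a deny rule, so a second role assignment on the same principal can still grant an excluded operation.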
Security Principal:
The security principal is the identity that will use the resources. Azure gives two options when creating a role assignment: "User, group, or service principal" and "Managed identity".
Scope:
The resource to which the security principal is given access. It can be a management group, a subscription, a resource group, or a single resource.
Steps to Create a Role Assignment
Step 1: Let's say you have a resource group called demorg and want to give someone named John Green the Contributor role.
- Scope: Resource Group (demorg)
- Role Definition: Contributor
- Security Principal: John Green
Step 2: Go to the left sidebar and click on Access Control (IAM).
Step 3: Click on Add to add a role assignment.
Step 4: Choose the role definition.
Step 5: Press Next and select the member to whom you want to assign the role by clicking + Select Members.
Step 6: Click Next and finally click on the Review and Assign button.
Step 7: Once the role assignment is complete, you can navigate to the resource group and again click the access control option.
Step 8: Click on the role assignments tab and search for the username in the search bar. Their required role should be present there with their name.
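The same assignment and the check from Step 8 can be scripted with the Az PowerShell module. This is an added example, not part of the original article; it assumes the Az module is installed and Connect-AzAccount has already been run, and the sign-in name john.green@example.com is a placeholder for John Green's real account.

```powershell
# Added example: script the portal walkthrough above.
# Assumptions: Az module installed, Connect-AzAccount already run, and the
# caller is allowed to create role assignments on the resource group.
$resourceGroupName = 'demorg'                    # scope, from the walkthrough
$roleName          = 'Contributor'               # role definition, from the walkthrough
$userPrincipalName = 'john.green@example.com'    # placeholder sign-in name

# Resolve the scope and the security principal before changing anything.
$rg   = Get-AzResourceGroup -Name $resourceGroupName -ErrorAction Stop
$user = Get-AzADUser -UserPrincipalName $userPrincipalName
if (-not $user) { throw "User $userPrincipalName was not found in the directory." }

# Querying by scope returns assignments made at that scope or above, so
# separate a direct assignment on the resource group from an inherited one.
$effective = @(Get-AzRoleAssignment -ObjectId $user.Id `
                                    -RoleDefinitionName $roleName `
                                    -Scope $rg.ResourceId)
$direct    = @($effective | Where-Object { $_.Scope -eq $rg.ResourceId })
$inherited = @($effective | Where-Object { $_.Scope -ne $rg.ResourceId })

if ($inherited.Count -gt 0) {
    Write-Warning ("{0} already holds {1} through a parent scope: {2}" -f `
        $userPrincipalName, $roleName, ($inherited.Scope -join ', '))
}

# Steps 2 to 6: create the assignment only if it does not exist yet.
if ($direct.Count -eq 0) {
    New-AzRoleAssignment -ObjectId $user.Id `
                         -RoleDefinitionName $roleName `
                         -Scope $rg.ResourceId | Out-Null
}

# Steps 7 and 8: list what the user now holds on the resource group.
Get-AzRoleAssignment -ObjectId $user.Id -Scope $rg.ResourceId |
    Select-Object DisplayName, RoleDefinitionName, Scope |
    Format-Table -AutoSize
```

The Scope column in the final listing shows whether each role comes from the resource group itself or from a parent such as the subscription, which the portal search in Step 8 does not make obvious at a glance.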