Role Based Access Control in Microsoft Azure

Last Updated : 03 Apr, 2023

Pre-requisite: Azure

Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management: it lets you grant specific users specific permissions on specific resources.

Role Assignment

A role assignment is the mechanism by which you grant a security principal access to a resource at a given scope. It forms the backbone of Azure Role-Based Access Control (Azure RBAC).

RBAC is needed because it lets you control access to the resources under your administration, so that the relevant people can reach the resources they require and nobody else can.

Role Assignment = Role definition + Security Principal + Scope

Role Definition or Azure Roles

A role definition (an Azure role) is a collection of actions that an assigned entity is allowed to perform: in effect, a set of permissions for working with the resources in the Azure portal. A basic role definition, the built-in Contributor role as displayed by Azure PowerShell, looks like this:

{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Lets you manage everything except access to resources.",
  "Actions": [
    "*"
  ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/"
  ]
}

Security Principal:

The security principal is the identity that is granted access to the resources. When creating a role assignment, Azure offers two options for the principal type: "User, group, or service principal" and "Managed identity".

Scope:

The scope is the set of resources to which the security principal is granted access. It can be a management group, a subscription, a resource group, or a single resource.

Steps to Create a Role Assignment

Step 1: Let’s say you have a resource group called demorg and want to give a user named John Green the Contributor role. The three parts of the assignment are:

  • Scope: Resource Group (demorg)
  • Role Definition: Contributor
  • Security Principal: John Green

Step 2: Open the resource group (demorg) and, in the left sidebar, click Access Control (IAM).

[Screenshot: create resource]

Step 3: Click Add to add a role assignment.

[Screenshot: IAM]

Step 4: Choose the role definition (here, Contributor):

[Screenshot: Add role assignment]

Step 5: Press Next and select the member to whom you want to assign the role by clicking + Select Members:

[Screenshot: add members]

Step 6: Click Next and finally click on the Review and Assign button.

Step 7: Once the role assignment is complete, navigate back to the resource group and open Access Control (IAM) again.

Step 8: Open the Role assignments tab and search for the user’s name in the search bar. The role you assigned should appear next to their name.

[Screenshot: create role]
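To make the formula Role Assignment = Role definition + Security Principal + Scope concrete, here is an added Python example (not code from the original article, and not Azure's own implementation) that loads the Contributor role definition printed above and evaluates the Step 1 scenario offline. It shows two things worth checking when reviewing an assignment like the one in Step 8: that NotActions stop a Contributor from granting roles (Microsoft.Authorization/*/Write), and that an assignment at a resource group is inherited by the resources inside it but not by a sibling resource group. The subscription id, resource names, and the helper functions are assumptions of the example; deny assignments and management-group inheritance are intentionally not modelled.

```python
"""Offline model of Azure RBAC evaluation.

Added example, not code from the original article or from Azure. It models the
article's formula, Role Assignment = Role definition + Security Principal + Scope,
plus two documented Azure RBAC rules: a role's effective permissions are its
Actions minus its NotActions (with '*' wildcards), and an assignment made at a
scope is inherited by every scope beneath it. Deny assignments, DataActions and
management-group-to-subscription inheritance (a membership graph, not a path
prefix) are deliberately left out. The subscription id, resource names and the
principal 'John Green' are constructed sample values.
"""
import fnmatch
import json
from dataclasses import dataclass

# The built-in Contributor role as printed in the article (Azure PowerShell format).
CONTRIBUTOR_JSON = """{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Lets you manage everything except access to resources.",
  "Actions": [ "*" ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [ "/" ]
}"""


def _matches(action, patterns):
    """Action names are case-insensitive; '*' matches any run of characters, '/' included."""
    action = action.lower()
    return any(fnmatch.fnmatchcase(action, p.lower()) for p in patterns)


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple
    not_actions: tuple

    @classmethod
    def from_powershell_json(cls, text):
        doc = json.loads(text)
        return cls(doc["Name"], tuple(doc["Actions"]), tuple(doc["NotActions"]))

    def permits(self, action):
        """Effective permission: some Actions pattern matches and no NotActions pattern matches.
        NotActions only subtracts from this role; it is not a deny that overrides other roles."""
        return _matches(action, self.actions) and not _matches(action, self.not_actions)


@dataclass(frozen=True)
class RoleAssignment:
    """Role Assignment = Role definition + Security Principal + Scope."""
    role: RoleDefinition
    principal: str
    scope: str


def scope_covers(assignment_scope, resource_scope):
    """True if the target lies at or beneath the assignment's scope (inheritance).
    The '/' boundary check stops 'demorg' from covering a sibling named 'demorg2'."""
    a = assignment_scope.rstrip("/").lower()
    r = resource_scope.rstrip("/").lower()
    if a == "":  # the root scope "/" covers every resource
        return True
    return r == a or r.startswith(a + "/")


def is_allowed(assignments, principal, action, resource_scope):
    """Azure RBAC is additive: the action is allowed if any assignment held by the
    principal, at a scope covering the target, comes from a role that permits it."""
    return any(
        asg.principal.lower() == principal.lower()
        and scope_covers(asg.scope, resource_scope)
        and asg.role.permits(action)
        for asg in assignments
    )


# Constructed sample scopes for the article's scenario.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription id
RG = SUB + "/resourceGroups/demorg"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
OTHER_VM = SUB + "/resourceGroups/otherrg/providers/Microsoft.Compute/virtualMachines/vm2"

CONTRIBUTOR = RoleDefinition.from_powershell_json(CONTRIBUTOR_JSON)
# Step 1 of the article: John Green gets Contributor on the demorg resource group.
ASSIGNMENTS = [RoleAssignment(CONTRIBUTOR, "John Green", RG)]


def demo():
    """What John Green can and cannot do with that single assignment."""
    checks = {
        # Inherited from the resource group down to a VM inside it.
        "create VM in demorg": ("Microsoft.Compute/virtualMachines/write", VM),
        # Blocked by NotActions: Contributor cannot hand out access, even at its own scope.
        "grant a role in demorg": ("Microsoft.Authorization/roleAssignments/write", RG),
        # Outside the assignment's scope.
        "create VM in otherrg": ("Microsoft.Compute/virtualMachines/write", OTHER_VM),
    }
    return {label: is_allowed(ASSIGNMENTS, "John Green", act, scope)
            for label, (act, scope) in checks.items()}


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label}: {'allowed' if allowed else 'denied'}")
```

Run the file directly to print the three verdicts. The same reasoning applied to a real tenant starts from the assignment list you see in Step 8 rather than the constructed list here, and must additionally account for deny assignments and for roles inherited from management groups above the subscription.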

 

