![]() For example, if a user has read data access to a storage account, then they can read the blobs or messages within that storage account.įor more information, see Understand Azure role definitions. This video provides a quick overview of built-in roles and custom roles.Īzure has data actions that enable you to grant access to data within an object. If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles. For example, the Virtual Machine Contributor role allows a user to create and manage virtual machines. Roles can be high-level, like owner, or specific, like virtual machine reader.Īzure includes several built-in roles that you can use. A role definition lists the actions that can be performed, such as read, write, and delete. You can assign a role to any of these security principals.Ī role definition is a collection of permissions. Security principalĪ security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources. A role assignment consists of three elements: security principal, role definition, and scope. This is a key concept to understand – it's how permissions are enforced. The way you control access to resources using Azure RBAC is to assign Azure roles.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
September 2023
Categories |