Azure permission model

Understanding Microsoft Azure Architecture and Services

Florin Angelescu

Azure Architect

Azure permission model

• Structure and system in place for managing and controlling access to Azure resources
• Two primary models for managing access:
  • Directory roles
  • Role-Based Access Control (RBAC)

What is a role?

• Collection of permissions
• Define the actions an entity can perform on Azure resources
• Azure offers:
  • Predefined roles
  • Creation of custom roles

Directory roles

• Identity and access management within the organization
• Not related to managing access to Azure resources

Directory roles

Directory roles use cases

• Administrative tasks related to:

  • User accounts
  • Groups
  • Directory settings

• Example: IT administrator

Role-based access control (RBAC)

• Manage access to Azure resources
• Control who can do what within:
  • Subscription
  • Resource group
  • Individual resource
• Assign specific roles
• Assign only the necessary permissions

RBAC use cases

RBAC inheritance

• Permissions are propagated through different levels of the resource hierarchy
• Permissions assigned at a higher level are automatically inherited by lower levels

RBAC inheritance

RBAC inheritance

Let's practice!

Understanding Microsoft Azure Architecture and Services