Saturday, November 14, 2015

Roles vs Groups: Azure Role Based Access Control (RBAC)


Group vs role (Any real difference?) - Stack Overflow

"A group is a collection of users with a given set of permissions assigned to the group (and transitively, to the users).
A role is a collection of permissions, and a user effectively inherits those permissions when he acts under that role.
...
Typically your group membership remains during the duration of your login.
A role, on the other hand, can be activated according to specific conditions.
...
Roles can be activated by time of day, location of access. 
Roles can also be enhanced/associated with attributes.
You might be operating as 'physician', but if you do not have a 'primary physician' attribute or relation with me (a user with 'patient' role), then you cannot see my entirety of medical history."

Azure Active Directory AD Role-based Access Control | Microsoft Azure

"Access is granted by assigning the appropriate RBAC role to users, groups, and applications, at the right scope. To grant access to the entire subscription, assign a role at the subscription scope. To grant access to a specific resource group within a subscription, assign a role at the resource group scope. You may assign roles at specific resources too, like websites, virtual machines and subnets, to grant access only to a resource."
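
An added sketch (not code from the quoted Microsoft documentation) that models the scope rule quoted above: a role assigned at a subscription or resource group reaches the resources beneath it, while a role assigned on a single resource reaches nothing else. The permission sets, principals, group membership and resource IDs are constructed for illustration; real Azure role definitions are richer than these two permission words.

```python
from dataclasses import dataclass

# Constructed role definitions: simplified permission sets, not Azure's real action strings.
ROLES = {
    "Reader": {"read"},
    "Contributor": {"read", "write"},
}

@dataclass(frozen=True)
class Assignment:
    principal: str   # user, group or application name
    role: str
    scope: str       # subscription, resource group or single resource

# Constructed sample data.
GROUPS = {"web-admins": {"alice"}}
SUB = "/subscriptions/sub-0001"
RG = SUB + "/resourceGroups/rg-web"
SITE = RG + "/providers/Microsoft.Web/sites/shop"
ASSIGNMENTS = [
    Assignment("web-admins", "Contributor", RG),   # group, resource group scope
    Assignment("bob", "Reader", SUB),              # user, subscription scope
    Assignment("carol", "Contributor", SITE),      # user, single resource
]

def scope_covers(scope: str, resource: str) -> bool:
    """True if resource is the scope itself or sits below it in the hierarchy."""
    s = [p.lower() for p in scope.strip("/").split("/")]
    r = [p.lower() for p in resource.strip("/").split("/")]
    # Compare whole path segments so 'rg-web' never matches 'rg-web-prod'.
    return r[:len(s)] == s

def principals_of(user: str) -> set:
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def is_allowed(user: str, permission: str, resource: str) -> bool:
    """A permission is granted if any assignment for the user (or one of the
    user's groups) carries it at a scope that covers the resource."""
    who = principals_of(user)
    return any(
        a.principal in who
        and permission in ROLES[a.role]
        and scope_covers(a.scope, resource)
        for a in ASSIGNMENTS
    )
```

The segment-wise comparison in `scope_covers` is the part worth copying into any home-grown check: a plain string-prefix test would let an assignment on `rg-web` leak onto a sibling group named `rg-web-prod`.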


RBAC: Built in Roles | Microsoft Azure

Azure RBAC is GA! - Active Directory Blog - Site Home - TechNet Blogs

RBAC and the Azure Resource Manager - Cloud Solution Architect - Site Home - MSDN Blogs

Role-Based Access Control | Security content from Windows IT Pro
"In the RBAC model, role-enabled applications query the RBAC policy database or the associated access control authority to determine whether a user has permission to perform a particular action."


