Monday, February 01, 2016

Azure Role-Based Access Control (RBAC)

Azure Active Directory AD Role-based Access Control | Microsoft Azure
"Each Azure subscription is associated with one Azure Active Directory. Only users, groups, and applications from that directory can be granted access to manage resources in the Azure subscription, using the Azure portal, Azure Command-Line tools and Azure Management APIs.
Access is granted by assigning the appropriate RBAC role to users, groups, and applications, at the right scope."
[Diagram: Azure Active Directory resources and resource management tools]
"Azure RBAC has three basic roles that apply to all resource types: 
  • Owner has full access to all resources including the right to delegate access to others. 
  • Contributor can create and manage all types of Azure resources but can’t grant access to others. 
  • Reader can only view existing Azure resources."
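
An added example, not from the original post or from Microsoft's documentation: it models the three basic roles and what "at the right scope" means in practice, then flags Owner grants made on a whole subscription. The record layout, IDs, and function names are constructed for illustration, and it assumes an assignment applies to its scope and everything beneath it.

```python
# Added example: the three basic roles plus scope coverage, on constructed data.
ROLE_CAPS = {
    "Owner": {"read", "manage", "delegate"},
    "Contributor": {"read", "manage"},
    "Reader": {"read"},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG_WEB = SUB + "/resourceGroups/rg-web"
RG_DATA = SUB + "/resourceGroups/rg-data"
VM = RG_WEB + "/providers/Microsoft.Compute/virtualMachines/vm1"

# Constructed assignments; the field names are hypothetical, not an Azure schema.
ASSIGNMENTS = [
    {"principal": "u-alice", "role": "Reader", "scope": SUB},
    {"principal": "g-webops", "role": "Contributor", "scope": RG_WEB},
    {"principal": "u-bob", "role": "Owner", "scope": SUB},
    {"principal": "u-carol", "role": "Owner", "scope": RG_DATA},
]

def scope_covers(assigned, target):
    """True if target is the assigned scope or sits beneath it."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Require a "/" boundary so rg-web does not match rg-web2.
    return t == a or t.startswith(a + "/")

def effective_caps(assignments, principals, target):
    """Union of capabilities over the user's own and group assignments."""
    caps = set()
    for a in assignments:
        if a["principal"] in principals and scope_covers(a["scope"], target):
            caps |= ROLE_CAPS.get(a["role"], set())
    return caps

def subscription_wide_owners(assignments):
    """Least-privilege review: Owner granted on a whole subscription."""
    return [a["principal"] for a in assignments
            if a["role"] == "Owner"
            and len(a["scope"].strip("/").split("/")) == 2]

if __name__ == "__main__":
    alice = {"u-alice", "g-webops"}  # alice plus the group she belongs to
    print(sorted(effective_caps(ASSIGNMENTS, alice, VM)))
    print(sorted(effective_caps(ASSIGNMENTS, alice, RG_DATA)))
    print(subscription_wide_owners(ASSIGNMENTS))
```

Alice's group assignment lets her manage resources in `rg-web` only; elsewhere in the subscription she keeps read access, and she can delegate nowhere.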