azure:az-500:alt:role_based_access_control

Differences

This shows you the differences between two versions of the page.

azure:az-500:alt:role_based_access_control [2023/01/31 23:14] – [Role Based Access Control/RBAC] mmuze
azure:az-500:alt:role_based_access_control [2023/02/06 22:44] (current) – [Role Based Access Control/RBAC] mmuze
Line 9: Line 9:
       * Unlike AAD roles ARM roles can be assigned to synced groups in addition to cloud groups and users.       * Unlike AAD roles ARM roles can be assigned to synced groups in addition to cloud groups and users.
   * **Custom Roles** require a P1 or P2 license   * **Custom Roles** require a P1 or P2 license
 +  * In RBAC role definitions there are //actions// and //data actions//, with the former being actions on the //control plane// and the later on the //data plane//. For example, a permission that allows a storage account to be read (as in listing blob containers) is a control plane action, whereas reading the actual blobs is a data plane action.
 +
  
 ===== Azure AD roles vs. Azure Resource Manager (ARM) roles ===== ===== Azure AD roles vs. Azure Resource Manager (ARM) roles =====
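
Review bot: in the added bullet, "the later on the //data plane//" should read "the latter". The bullet italicises //actions// and //data actions// as generic terms; if they refer to the Actions and DataActions properties of a role definition, naming them that way would let a reader match the note to the role JSON. The storage account example would also scan better as a nested sub-bullet, following the indented list style of the context lines above it.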
Line 68: Line 70:
 | Reader | Lets you view everything, but not make any changes | | Reader | Lets you view everything, but not make any changes |
 | User Access Administrator | Lets you manage user access to Azure resources. | | User Access Administrator | Lets you manage user access to Azure resources. |
 +
 +====== Access Policies ======
 +  * In addition to RBAC roles some resources have an additional layer of access control in form of //access policies//.
 +  * Roles operate at the //management plane// and access policies operate at the //data plane//.
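
Review bot: the second added bullet, "Roles operate at the //management plane// and access policies operate at the //data plane//", conflicts with the bullet added at line 9 of this same revision, which says RBAC role definitions contain //data actions// on the //data plane// and calls the other plane the //control plane//. Use one term for that plane throughout and reword so the bullet does not imply roles can never grant data-plane access. The first bullet says "some resources" without naming any; listing at least one resource type that uses access policies would give the reader something to look up. Minor: "in form of" should be "in the form of", and the new heading uses six "=" where the neighbouring "Azure AD roles vs. Azure Resource Manager (ARM) roles" heading uses five, so confirm the level is intended.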
  • azure/az-500/alt/role_based_access_control.1675206892.txt.gz
  • Last modified: 2023/01/31 23:14
  • by mmuze