Differences
This shows you the differences between two versions of the page.
| azure:az-500:alt:role_based_access_control [2023/02/03 15:23] – [Role Based Access Control/RBAC] mmuze | azure:az-500:alt:role_based_access_control [2023/02/06 22:44] (current) – [Role Based Access Control/RBAC] mmuze | ||
|---|---|---|---|
| Line 10: | Line 10: | ||
| * **Custom Roles** require a P1 or P2 license | * **Custom Roles** require a P1 or P2 license | ||
| * In RBAC role definitions there are //actions// and //data actions//, with the former being actions on the //control plane// and the later on the //data plane//. For example, a permission that allows a storage account to be read (as in listing blob containers) is a control plane action, whereas reading the actual blobs is a data plane action. | * In RBAC role definitions there are //actions// and //data actions//, with the former being actions on the //control plane// and the later on the //data plane//. For example, a permission that allows a storage account to be read (as in listing blob containers) is a control plane action, whereas reading the actual blobs is a data plane action. | ||
| + | |||
| ===== Azure AD roles vs. Azure Resource Manager (ARM) roles ===== | ===== Azure AD roles vs. Azure Resource Manager (ARM) roles ===== | ||
| Line 69: | Line 70: | ||
| | Reader | Lets you view everything, but not make any changes | | | Reader | Lets you view everything, but not make any changes | | ||
| | User Access Administrator | Lets you manage user access to Azure resources. | | | User Access Administrator | Lets you manage user access to Azure resources. | | ||
| + | |||
| + | ====== Access Policies ====== | ||
| + | * In addition to RBAC roles some resources have an additional layer of access control in form of //access policies//. | ||
| + | * Roles operate at the // | ||
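
Review bot: The added `====== Access Policies ======` heading uses six `=`, while the section heading visible earlier in this diff (`===== Azure AD roles vs. Azure Resource Manager (ARM) roles =====`) uses five. In DokuWiki six `=` is the top heading level, so the new section would sit above its sibling sections in the page outline rather than beside them; suggest five `=` unless a new top-level section is intended. In the first added bullet, "in form of" should read "in the form of", and a comma after "RBAC roles" would help readability. The second added bullet, as shown here, ends at an opening `//` with no closing marker, so check that the italic span is closed and the sentence is complete in the saved revision.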