Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:az-500:alt:role_based_access_control [2023/02/06 22:40] – mmuze | azure:az-500:alt:role_based_access_control [2023/02/06 22:44] (current) – [Role Based Access Control/RBAC] mmuze | ||
|---|---|---|---|
| Line 10: | Line 10: | ||
| * **Custom Roles** require a P1 or P2 license | * **Custom Roles** require a P1 or P2 license | ||
| * In RBAC role definitions there are //actions// and //data actions//, with the former being actions on the //control plane// and the later on the //data plane//. For example, a permission that allows a storage account to be read (as in listing blob containers) is a control plane action, whereas reading the actual blobs is a data plane action. | * In RBAC role definitions there are //actions// and //data actions//, with the former being actions on the //control plane// and the later on the //data plane//. For example, a permission that allows a storage account to be read (as in listing blob containers) is a control plane action, whereas reading the actual blobs is a data plane action. | ||
| + | |||
| ===== Azure AD roles vs. Azure Resource Manager (ARM) roles ===== | ===== Azure AD roles vs. Azure Resource Manager (ARM) roles ===== | ||
| Line 72: | Line 73: | ||
| ====== Access Policies ====== | ====== Access Policies ====== | ||
| * In addition to RBAC roles some resources have an additional layer of access control in form of //access policies//. | * In addition to RBAC roles some resources have an additional layer of access control in form of //access policies//. | ||
| + | * Roles operate at the // | ||