Azure RBAC Flashcards

1
Q

Role-based access control can be used to assign permissions to WHAT?

A

Users
Groups
Applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is an Azure RBAC Scope?

A

It’s a set of resources that the access applies to. When you assign a role, you can further limit the actions allowed by defining a scope.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The scope of role assignments can be

A

Management Groups
Subscriptions
Resource Groups
Single Resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an Azure RBAC Role Definition?

A

A collection of permissions. It lists the operations that can be performed such as read, write, and delete.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is an Azure RBAC Security Principal?

A

It’s an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources. You can assign a role to any of these security principals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is an Azure RBAC Role Assignment?

A

It’s the process of attaching a role definition to a user, group, service principal, or managed identity at a particular scope for the purpose of granting access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is an Azure RBAC Deny Assignments and do they take precedence over role assignments?

A

A deny assignment attaches a set of deny actions to a user, group, service principal, or managed identity at a particular scope for the purpose of denying access.

Deny assignments take precedence over role assignments.

Note: Can only be created using Azure Blue Prints or managed apps. You cannot create your own deny assignments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Azure RBAC includes over 70 built-in roles. However, there are four fundamental Azure roles. What are those roles?

A

Owner
Contributor
Reader
User Access Administrator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Regarding the four fundamental Azure roles, briefly go over their permission sets.

A

Owner:
Full Access to all Resources
Delegate Access to Others

Contributor:
Cannot grant access to others
Creates and manages all types of Azure resources
Creates new tenants in Azure AD

Reader:
View Azure resources

User Access Administrator:
Manages user access to Azure resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In the Azure portal, role assignments using Azure RBAC appear on WHAT “blade”?

A

Access Control (IAM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly