Azure RBAC Flashcards
Role-based access control can be used to assign permissions to WHAT?
Users
Groups
Applications
What is an Azure RBAC Scope?
It’s a set of resources that the access applies to. When you assign a role, you can further limit the actions allowed by defining a scope.
The scope of role assignments can be
Management Groups
Subscriptions
Resource Groups
Single Resources
What is an Azure RBAC Role Definition?
A collection of permissions. It lists the operations that can be performed such as read, write, and delete.
What is an Azure RBAC Security Principal?
It’s an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources. You can assign a role to any of these security principals.
What is an Azure RBAC Role Assignment?
It’s the process of attaching a role definition to a user, group, service principal, or managed identity at a particular scope for the purpose of granting access.
What is an Azure RBAC Deny Assignment, and do deny assignments take precedence over role assignments?
A deny assignment attaches a set of deny actions to a user, group, service principal, or managed identity at a particular scope for the purpose of denying access.
Deny assignments take precedence over role assignments.
Note: Deny assignments can only be created using Azure Blueprints or managed apps. You cannot create your own deny assignments.
Azure RBAC includes over 70 built-in roles. However, there are four fundamental Azure roles. What are those roles?
Owner
Contributor
Reader
User Access Administrator
Regarding the four fundamental Azure roles, briefly go over their permission sets.
Owner:
Full Access to all Resources
Delegate Access to Others
Contributor:
Cannot grant access to others
Creates and manages all types of Azure resources
Creates new tenants in Azure AD
Reader:
View Azure resources
User Access Administrator:
Manages user access to Azure resources
In the Azure portal, role assignments using Azure RBAC appear on WHAT “blade”?
Access Control (IAM)