Managing Access to Resources with Role-Based Access Control (RBAC) Flashcards
What is RBAC, and how does it control access to resources and services in Azure?
RBAC stands for Role-Based Access Control, which controls access to resources and services based on roles assigned to users, devices, applications, or services.
What are the two overarching types of roles in Azure RBAC?
The two overarching types of roles in Azure RBAC are built-in roles and custom roles.
What is the importance of scope in role assignments?
: Scope refers to the permissions necessary for a specific task, as well as the resources or services involved, and the individuals involved. It’s crucial to limit permissions to only what is necessary.
: What is inheritance in the context of RBAC?
Inheritance is the principle or capability of roles to inherit permissions from other roles. It helps avoid redundant role assignments by applying permissions at a higher level of organizational construct.
What are some best practices for managing access with RBAC?
Some best practices include practicing least privilege, using built-in roles whenever possible, segregating roles based on duties and responsibilities, managing resource or service scope to avoid permission sprawl, and regularly reviewing, auditing, and documenting access control configurations.
What is the key principle to remember with role assignment in RBAC?
The key principle is scope, ensuring that permissions are limited to what is necessary for a specific task or role.
How can inheritance be applied effectively in RBAC?
Inheritance can be applied by assigning roles and permissions to groups rather than individual users whenever possible. This ensures efficiency and avoids redundancy in role assignments.
What are some benefits of using RBAC in Azure?
RBAC provides built-in roles for convenience and custom roles for specificity, helps in managing access efficiently, and ensures security by limiting permissions based on roles and responsibilities.