Role Definition or Azure Roles
A role definition (that is, an Azure role) is a group of actions that a particular entity can perform. It is simply the set of permissions required to work with resources in Azure. A basic role definition looks like the following (as shown in Azure PowerShell):
{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Lets you manage everything except access to resources.",
  "Actions": [
    "*"
  ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/"
  ]
}
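The effective permissions of a role definition are its Actions minus its NotActions. The following added example (not part of the original page or of any Azure tooling) evaluates that rule to check whether a role can change access assignments; the `CUSTOM_WIDE` role, the `SENSITIVE` list and the function names are assumptions made for illustration.

```python
import re

# Built-in Contributor role, trimmed to the fields used here (values from the page).
CONTRIBUTOR = {
    "Name": "Contributor",
    "Actions": ["*"],
    "NotActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
    ],
    "AssignableScopes": ["/"],
}

# Constructed custom role for comparison: same wildcard, no exclusions.
CUSTOM_WIDE = {"Name": "Ops-Everything (constructed)", "Actions": ["*"],
               "NotActions": [], "AssignableScopes": ["/"]}

# Operations that let a principal change who has access (assumed review list).
SENSITIVE = [
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleDefinitions/write",
    "Microsoft.Authorization/elevateAccess/action",
]

def _matches(pattern, operation):
    """Case-insensitive match where '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_allowed(role, operation):
    """Effective control-plane permission: in Actions and not in NotActions."""
    granted = any(_matches(p, operation) for p in role.get("Actions", []))
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return granted and not excluded

def sensitive_grants(role):
    """Return the access-management operations this role definition allows."""
    return [op for op in SENSITIVE if is_allowed(role, op)]

if __name__ == "__main__":
    for role in (CONTRIBUTOR, CUSTOM_WIDE):
        print(role["Name"], "->", sensitive_grants(role) or "no access-management operations")
```

NotActions only subtracts from the same role's Actions; it is not a deny rule, so a second role assignment can still grant an excluded operation to the same principal.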
Security Principal:
The security principal is the entity that will use the resources. Azure gives two options when creating a role assignment: "User, group, or service principal" and "Managed identity".
Scope:
The resource to which the security principal is given access. It can be a management group, a subscription, a resource group, or an individual resource.
Role Based Access Control in Microsoft Azure
Prerequisite: Azure
Azure role-based access control is an access management system built on Azure Resource Manager that provides fine-grained access for specific users over specific resources.