1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Managing Role-Based Access Control on Azure

Configure Access to Azure Resources

The course is part of these learning paths

AZ-500 Exam Preparation: Microsoft Azure Security Technologies
course-steps 11 certification 1 lab-steps 3
AZ-103 Exam Preparation: Microsoft Azure Administrator
course-steps 15 certification 6 lab-steps 8
AZ-203 Exam Preparation: Developing Solutions for Microsoft Azure
course-steps 20 certification 1 lab-steps 7
Azure Services for Security Engineers
course-steps 8 certification 4 lab-steps 3
more_horiz See 2 more

Contents

keyboard_tab
Role Based Access Control
1
Introduction
PREVIEW1m 37s
2
Overview
PREVIEW2m 47s
7
Summary
2m 31s
play-arrow
Start course
Overview
DifficultyIntermediate
Duration19m
Students1304
Ratings
4.8/5
star star star star star-half

Description

Course Overview

Role-Based Access Control, or RBAC, is how you can manage access to resources in Azure. RBAC works by creating role assignments that can apply to different levels of your tenant. A role assignment is broken down into three elements: the security principal, the role definition, and the scope you apply it to.

Custom roles in Azure's role-based access control provide the flexibility for any organization to create roles that are not covered by the built-in roles.

We will also look at common scenarios when troubleshooting role-based access control in Azure.

Learning Objectives

  • Identify the different elements that create the role assignment
  • Configure access to resources in Azure
  • Implement a custom role
  • Troubleshoot common RBAC problems

Intended Audience

  • People who want to become Azure administrators

Prerequisites

  • General knowledge of the Azure portal

Related Training Content

To discover more courses covering Microsoft Azure topics, visit our dedicated Azure Training Library.

Transcript

Role-based access control is how you can manage access to resources in Azure. As you navigate through Azure, from the management group, subscription, resource group all the way down to the individual resources, you will notice a blade called Access Control IAM. This is where you can view, add and remove role assignments. Let's go to the Azure portal and see how we can view, add and remove these role assignments. Here we are in the Azure portal under Resource Groups. Let's select our resource group and we will notice that we have a virtual machine that is already deployed. Let's give access to Ari as he is tasked with managing all virtual machines in this resource group. Click on Access Control. To add a role assignment, we can add it by clicking on the Add button on the right-hand side or we can hit the Add Role Assignment in the menu bar. Under Role, we will see a list of all the built-in roles possible. And we'll scroll all the way down to Virtual Machine Contributor. In the Select field, we can search for Ari's name, select his name and hit Save. Now Ari has access to this user's group and to manage the virtual machine. 

We can check Ari's access by typing in his name. And here we'll see the results of the access that he has. We can close that. As well as you can go to Role Assignments. Here we'll see all of the role assignments for the resource group. Some of them are inherited and Ari is at the bottom, we're a virtual machine contributor for this resource group. We can remove Ari's access by selecting his user and clicking Remove. In this short demo, we added our user, Ari, to the virtual machine contributor role. We then verified his access by going to Check Access and reviewed the Role Assignments tab. We then finished off by removing the role assignment to the resource group.

About the Author

Students1536
Courses2

With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.

When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.