Скачать или смотреть What is Role-Based Access Control?||How to Assign users to Groups and roles? || AZ500||Azure

In this video, we are going to create users and assign relevant roles to them using the Azure active directory, PowerShell, and bash.


Playlists:
AZ104(Microsoft Azure Administrator) playlist:   • How to Create and Configure Azure AD users...  

AZ500(Microsoft Azure Security Technologies) playlist:
   • What is Azure policy?||Azure Policy vs Azu...  

AZ700(Designing and Implementing Microsoft Azure Networking Solutions) playlist:
   • Design and implement a Virtual Network in ...  

AZ900(Microsoft Azure Fundamentals) playlist:
   • How to Create Virtual Machine in Azure || ...  

SC300(Microsoft Identity and Access Administrator):
   • Introduction to SC300||Demo session of Exa...  

Machine learning playlist
   • Linear Regression Machine Learning (python...  

Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

Here are some examples of what you can do with Azure RBAC:

Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
Allow a DBA group to manage SQL databases in a subscription
Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
Allow an application to access all resources in a resource group

The way you control access to resources using Azure RBAC is to assign Azure roles. This is a key concept to understand – it's how permissions are enforced. A role assignment consists of three elements: security principal, role definition, and scope.

A role assignment is the process of attaching a role definition to a user, group, service principal, or managed identity at a particular scope for the purpose of granting access. Access is granted by creating a role assignment, and access is revoked by removing a role assignment.

The following diagram shows an example of a role assignment. In this example, the Marketing group has been assigned the Contributor role for the pharma-sales resource group. This means that users in the Marketing group can create or manage any Azure resource in the pharma-sales resource group. Marketing users do not have access to resources outside the pharma-sales resource group, unless they are part of another role assignment.

Multiple role assignments
So what happens if you have multiple overlapping role assignments? Azure RBAC is an additive model, so your effective permissions are the sum of your role assignments. Consider the following example where a user is granted the Contributor role at the subscription scope and the Reader role on a resource group. The sum of the Contributor permissions and the Reader permissions is effectively the Contributor role for the subscription. Therefore, in this case, the Reader role assignment has no impact.
Role assignments are transitive for groups which means that if a user is a member of a group and that group is a member of another group that has a role assignment, the user will have the permissions in the role assignment.



Description reference:
https://docs.microsoft.com/


useful links:
https://docs.microsoft.com/

Please do follow:
  / mraviteja9949  

You can also learn from Microsoft labs in Github.

This video is created for educational purposes (AZ700 course).
Here is the link to practice labs:
https://github.com/MicrosoftLearning/... #ravitejamureboina