Planning for Azure Role-Based Security

• Azure provides an RBAC system that allows customers to secure access to Azure deployments.
• Organizations should plan, apply, and regularly manage RBAC configuration to ensure only the appropriate access is assigned.
• The RBAC system is flexible and customizable, but lack of planning can lead to access difficulties or unsecured resources.

Azure role-based access control (RBAC) allows Azure Active Directory (AAD) principals (users and groups) to be authorized to perform administrative and data-related operations on Azure deployments. Organizations should understand the capabilities and management processes of the RBAC system and plan for how it will be used before deploying Azure solutions.

Understanding Azure RBAC

Deploying Azure solutions involves provisioning instances of Azure services, such as VMs and databases, within a customer-configured logical hierarchy. Service instances are called resources, and each resource type defines the operations that can be authorized upon it, such as reading, writing, and deleting. Operations are subdivided into management and data access categories so that users can be assigned access to manage a resource without having access to the data maintained by that resource, and vice versa.