Azure ABAC Brings Finer-Grained Security

• Azure Attribute-based access control, in preview, allows authorizing certain Azure activity at a more detailed level than has been possible.
• It could help organizations tighten security on Azure deployments while reducing the complexity of doing so for some scenarios.
• It only works with Azure Storage-based resources, but it could become more broadly supported across Azure services.

Azure Attribute-Based Access Control (ABAC) is a new subfeature of Azure role-based access control (RBAC) that could address limitations organizations have reached with RBAC. RBAC enables organizations to define the access administrators, developers, and other users have to Azure resources such as Azure Storage blobs. ABAC allows more precise, scalable access definitions. However, ABAC brings new security configurations that will require additional planning and processes; ABAC could break critical workflows or enable undesired activity if applied improperly.

New Subfeature of RBAC

RBAC allows Azure Active Directory (AAD) principals (for example, users and groups) to be authorized to perform administrative and data-related operations on Azure deployments. RBAC allows principals to be authorized for sets of actions, defined as roles, giving them permission to perform those actions on particular resources or groups of resources.