Configure Azure permissions

1. Configure Azure permissions

Next, we are going to configure Azure permissions for the previously created users and groups. Azure permissions are vital for controlling access to resources, ensuring security, and maintaining compliance within the Azure cloud environment. Properly configured permissions let organizations grant specific privileges to users and groups, which improves resource management and minimizes potential security risks.

To start, we go to Users and look for Michael. On the user's screen we can see plenty of information about the current user. It is also the place where we can assign directory roles if we need to. Let's configure Michael as a global administrator. We go to "Assigned roles" and add the new assignment. Refresh, and we can now see the assigned role. To get an overview of all directory roles and their assignments, we can use the "Roles and administrators" screen. Selecting any role from the list will show any existing assignments.

Let's continue with role-based access control permissions. We have two resource groups already available: "datacamp-finance" and "datacamp-bi". There is a storage account in each resource group. We need to make sure the Finance department can access the storage account in their resource group, and that the same applies to any storage accounts created there in the future. To implement this, we go to the "Access control" pane of the resource group and assign the Finance team the "Storage Blob Data Contributor" role. This will allow them to do their work without impediments while also following the principle of least privilege, which means they do not get more permissions than they need. Double-check the info and assign. If we now go to the "Role assignments" tab, we can see the permission was added.

Let's perform the same steps for the "datacamp-bi" resource group and the "BI" group. We choose the same role, "Storage Blob Data Contributor", and assign it to the "BI" group. We can now see the assignment.

If we navigate to the "Overview" pane of the resource group and select the storage account, we can validate the role assigned at the resource level. We see an important detail: a note that the assignment comes from a higher level and is inherited. This means that whatever assignments are made at the resource group level are automatically inherited by the resources within it. Let's assign the same role only on this storage account for Diane. We can observe that Diane has the permission only for the current resource.

The assignment, management and security of roles, whether at the directory level or through RBAC, is a complex topic. If this is something you are interested in, I encourage you to read more on the subject and, if possible, get some hands-on experience. Now it's time to examine assigned RBAC permissions on your own through an interactive exercise.
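The scope inheritance described above can be modelled offline to check who ends up with access to a given resource and whether that access is direct or inherited. The following is an added example, not part of the original lesson: the subscription ID is a placeholder, the storage account names and the "datacamp-bi-archive" resource group are constructed, and Diane's storage account is assumed to be the one in "datacamp-bi".

```python
from dataclasses import dataclass

# Placeholder subscription ID and constructed storage account names (not from the lesson).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_FIN = f"{SUB}/resourceGroups/datacamp-finance"
RG_BI = f"{SUB}/resourceGroups/datacamp-bi"
STORAGE = "providers/Microsoft.Storage/storageAccounts"
SA_FIN = f"{RG_FIN}/{STORAGE}/financestore"
SA_BI = f"{RG_BI}/{STORAGE}/bistore"
# Constructed look-alike resource group, to show why string-prefix matching is wrong.
SA_ARCHIVE = f"{SUB}/resourceGroups/datacamp-bi-archive/{STORAGE}/archivestore"
ROLE = "Storage Blob Data Contributor"

@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str

# The three RBAC assignments made in the lesson; Diane's account is assumed to be the BI one.
ASSIGNMENTS = [
    Assignment("Finance", ROLE, RG_FIN),
    Assignment("BI", ROLE, RG_BI),
    Assignment("Diane", ROLE, SA_BI),
]

def _segments(scope):
    # Azure resource IDs are case-insensitive, so compare lowercased path segments.
    return [s for s in scope.lower().split("/") if s]

def covers(scope, resource_id):
    """True when scope is the resource itself or one of its ancestors."""
    a, r = _segments(scope), _segments(resource_id)
    return len(a) <= len(r) and r[:len(a)] == a

def effective(assignments, resource_id):
    """Sorted (principal, role, 'direct' | 'inherited', scope) rows that apply to a resource."""
    rows = []
    for a in assignments:
        if covers(a.scope, resource_id):
            kind = "direct" if _segments(a.scope) == _segments(resource_id) else "inherited"
            rows.append((a.principal, a.role, kind, a.scope))
    return sorted(rows)

if __name__ == "__main__":
    for rid in (SA_FIN, SA_BI, SA_ARCHIVE):
        print(rid.rsplit("/", 1)[-1], effective(ASSIGNMENTS, rid))
```

Comparing whole path segments rather than raw string prefixes keeps an assignment on "datacamp-bi" from being reported against a resource group whose name merely starts with the same characters.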

2. Let's practice!
