Azure RBAC (Role-Based Access Control) example use case

Azure RBAC example
To further understand how Azure RBAC works, let's look at an example scenario.
Let's say that Cloudnloud Tech Community is a business that uses Microsoft Azure for its cloud computing requirements.
Each of the departments within Cloudnloud Tech Community, including HR, Finance, and IT, has its own set of Azure resources, including virtual machines, storage accounts, and databases.
All of the company's Azure resources are managed by the IT department.
The IT department uses Azure RBAC to assign roles to users in each department, so that each department can access only the resources it requires.
For instance:
The HR department is given the "Reader" role for all Azure resources, which allows them to view but not edit them.

The Finance department is given the "Contributor" role for the company's Finance database, which allows them to create and manage resources in that database but not to access any other Azure services.

The IT department is given the "Owner" role in Azure for all resources, allowing them to create, delete, and edit any resources in the company's subscription.

One day, an HR employee named Swetha logs in to Azure and tries to delete a virtual machine, but she receives an error message saying that she doesn't have permission to perform that action.

Swetha has only been given the "Reader" role for all Azure resources, which prevents her from making any modifications.
Swetha approaches the IT department to request authorization to delete the virtual machine, and the IT department gives her the "Virtual Machine Contributor" role for that particular virtual machine, enabling her to delete it.

A Finance employee named Vijji logs in to Azure and tries to access a storage account to which she doesn't have permission.
She receives an error message stating that she is not authorized to view that resource.

This is because Vijji has only been assigned the "Contributor" role for the company's Finance database, and not for the storage account.
Vijji contacts the IT department to request permission to access the storage account, and the IT department assigns her the "Storage Account Contributor" role for that specific storage account, which allows her to access it.

In this way, Azure RBAC ensures that each department only has access to the resources it needs and that users can only perform actions that they have been granted permission to perform. This helps to ensure the security and integrity of the company's resources in Azure.
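The scenario above can be replayed with a small model of how Azure RBAC evaluates a request: a role assignment binds a principal to a role definition at a scope, and it applies to that scope and everything beneath it. This is an added example, not code from the original post; the role definitions are simplified subsets of the built-in roles, the subscription ID and resource names are constructed, and deny assignments are not modeled.

```python
from fnmatch import fnmatchcase

# Simplified subsets of the built-in role definitions; the real ones list more actions.
ROLES = {  # role name -> (Actions, NotActions)
    "Reader": (["*/read"], []),
    "Contributor": (["*"], ["Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"]),
    "Owner": (["*"], []),
    "Virtual Machine Contributor": (["Microsoft.Compute/virtualMachines/*"], []),
    "Storage Account Contributor": (["Microsoft.Storage/storageAccounts/*"], []),
}

# Constructed scopes: placeholder subscription ID and made-up resource names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM = SUB + "/resourceGroups/hr-rg/providers/Microsoft.Compute/virtualMachines/hr-vm01"
FIN_DB = SUB + "/resourceGroups/fin-rg/providers/Microsoft.Sql/servers/fin-sql/databases/finance"
STORAGE = SUB + "/resourceGroups/fin-rg/providers/Microsoft.Storage/storageAccounts/finreports"

def matches(action, patterns):
    # Action strings are compared case-insensitively; "*" is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scope_covers(assigned, resource):
    # An assignment applies at its scope and at every child scope below it.
    a, r = assigned.lower().rstrip("/"), resource.lower()
    return r == a or r.startswith(a + "/")

def granting_assignment(principals, action, resource, assignments):
    """Return the (role, scope) that allows the action, or None if nothing grants it."""
    for principal, role, scope in assignments:
        actions, not_actions = ROLES[role]
        if (principal in principals and scope_covers(scope, resource)
                and matches(action, actions) and not matches(action, not_actions)):
            return role, scope
    return None

def scenario():
    assignments = [("HR", "Reader", SUB), ("Finance", "Contributor", FIN_DB), ("IT", "Owner", SUB)]
    swetha, vijji = {"swetha", "HR"}, {"vijji", "Finance"}  # user plus department group
    delete_vm = "Microsoft.Compute/virtualMachines/delete"
    read_sa = "Microsoft.Storage/storageAccounts/read"
    check = lambda: (granting_assignment(swetha, delete_vm, VM, assignments),
                     granting_assignment(vijji, read_sa, STORAGE, assignments))
    before = check()  # both requests are refused with the department-level roles only
    # IT grants the narrow roles on the single resources named in the requests.
    assignments.append(("swetha", "Virtual Machine Contributor", VM))
    assignments.append(("vijji", "Storage Account Contributor", STORAGE))
    return before, check()

if __name__ == "__main__":
    print(scenario())
```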

Follow me, Swetha Mudunuri, on LinkedIn, and check my GitHub profile, swethamudunuri07.