{"id":614,"date":"2021-06-23T19:35:09","date_gmt":"2021-06-23T19:35:09","guid":{"rendered":"https:\/\/www.spktechfit.com\/?p=614"},"modified":"2021-06-23T19:35:09","modified_gmt":"2021-06-23T19:35:09","slug":"7-manage-rbac-role-based-access-control","status":"publish","type":"post","link":"https:\/\/www.spktechfit.com\/?p=614","title":{"rendered":"7. Manage RBAC (Role Based Access Control)"},"content":{"rendered":"<h1 style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt; color: #1e4e79;\">Overview of RBAC<\/h1>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<h2 style=\"margin: 0in; font-family: Calibri; font-size: 14.0pt; color: #2e75b5;\">Access Control (IAM)<\/h2>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">This is where we can set access for resources. You will find this option at the &#8220;resource group&#8221; level and the resource level.<\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<p>&nbsp;<\/p>\n<h3 style=\"margin: 0in; font-family: Calibri; font-size: 12.0pt; color: #5b9bd5;\">Checking Access<\/h3>\n<ul style=\"margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Go to the resource you want to check -&gt; Access Control<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Click on Check Access<\/span><\/li>\n<\/ul>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<h3 style=\"margin: 0in; font-family: Calibri; font-size: 12.0pt; color: #5b9bd5;\">\nAssigning Access<\/h3>\n<ul style=\"margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Go to the resource you want to check -&gt; Access Control<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Go to Role Assignments -&gt; Add Role Assignment<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">You get a large number of built in roles to select from. The main ones are:<br \/>\n&#8211; Owner (keys to the castle, can do everything. Same as contributor plus can grant access to others)<br \/>\n&#8211; Contributor (create\/edit\/delete resources, just cant set permissions)<br \/>\n&#8211; reader (can see resources but cant edit them)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Select the user\/group to grant access to<\/span><\/li>\n<\/ul>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<h3><\/h3>\n<h3 style=\"margin: 0in; font-family: Calibri; font-size: 12.0pt; color: #5b9bd5;\">Deny Access<\/h3>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">If an account is getting inherited permissions to resource, but you don\u2019t want it to access it, you use &#8220;Deny assignments&#8221;. This works in a similar way to Role Assignments<\/p>\n<p style=\"margin: 0in; margin-left: .375in; font-family: Calibri; font-size: 11.0pt;\">\n<h1><\/h1>\n<h1 style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt; color: #1e4e79;\">Creating Custom RBAC Roles<\/h1>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<h2><\/h2>\n<h2 style=\"margin: 0in; font-family: Calibri; font-size: 14.0pt; color: #2e75b5;\">Using PowerShell<\/h2>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/role-based-access-control\/tutorial-custom-role-powershell\">https:\/\/docs.microsoft.com\/en-us\/azure\/role-based-access-control\/tutorial-custom-role-powershell<\/a><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">The recommended way to do this is to:<\/p>\n<ul style=\"margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Take an existing role<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Export it to a JSON format (Get-AzRoleDefinition)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Then modify it<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Create new role from tis JSON file (New-AzRoleDefinition)<\/span><\/li>\n<\/ul>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">EG:<\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-weight: bold; font-style: italic;\">Get-AzRoleDefinition -Name &#8220;Reader&#8221; | ConvertTo-Json | Out-File C:\\CustomRoles\\ReaderSupportRole.json<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\">\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-weight: bold; font-style: italic;\">New-AzRoleDefinition -InputFile &#8220;C:\\CustomRoles\\ReaderSupportRole.json&#8221;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview of RBAC Access Control (IAM) This is where we can set access for resources. You will find this option at the &#8220;resource group&#8221; level and the resource level. &nbsp; Checking Access Go to the resource you want to check -&gt; Access Control Click on Check Access Assigning Access Go to the resource you want [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,3],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/614"}],"collection":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=614"}],"version-history":[{"count":5,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/614\/revisions"}],"predecessor-version":[{"id":619,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/614\/revisions\/619"}],"wp:attachment":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}