
Azure RBAC

Overview

  • A role can be assigned to a security principal
  • There are four kinds of security principal
    • User
    • Group
    • Service Principal
    • Managed Identity
  • For groups, role assignments are transitive
  • Every assignment has a scope

How is a role assigned?

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#general

  1. Set the scope
  2. Suppose a Resource Group is chosen as the scope
  3. In IAM, a role is assigned to 김연우
  4. That role can then be exercised within the Resource Group

How do you grant permissions to a specific resource?

https://learn.microsoft.com/ko-kr/entra/identity/managed-identities-azure-resources/overview

Managed Identity

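| - | System-assigned managed identity | User-assigned managed identity |
|---|---|---|
| Permissions | Apply only to that resource | Permissions can be shared |
| Characteristics | Deleted together with the resource when the resource is deleted | |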

Role required to assign roles

Owner or User Access Administrator is required

To assign Azure roles, you must have:

Microsoft.Authorization/roleAssignments/write permissions, such as Role Based Access Control Administrator or User Access Administrator

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#role-based-access-control-administrator
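
The overview (group transitivity, scope) and the role-assignment requirement above can be checked together when auditing who is able to hand out roles at a given scope. The following is an added example, not code from Microsoft or from the original notes: it is a simplified model that ignores deny assignments, conditions and custom roles. The field names follow the output of `az role assignment list`; the subscription ID, principal IDs, group memberships and function names are constructed for illustration.

```python
# Added example: effective-role check over constructed role-assignment records.
# Roles the page names as able to assign roles
# (they carry Microsoft.Authorization/roleAssignments/write).
ASSIGNER_ROLES = {
    "Owner",
    "User Access Administrator",
    "Role Based Access Control Administrator",
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"

ASSIGNMENTS = [  # constructed sample data
    {"principalId": "user-a", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": "group-ops", "principalType": "Group",
     "roleDefinitionName": "User Access Administrator", "scope": RG},
    {"principalId": "mi-vm1", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": VM},
]
# Constructed group membership: group-nested is a member of group-ops.
GROUP_MEMBERS = {"group-ops": {"user-b", "group-nested"},
                 "group-nested": {"user-c"}}


def scope_covers(assigned, target):
    """An assignment at a parent scope applies to every child scope."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")  # "/" guard: rg-demo != rg-demo2


def groups_of(principal, members=GROUP_MEMBERS):
    """All groups the principal belongs to, directly or through nesting."""
    found, frontier = set(), {principal}
    while frontier:
        frontier = {g for g, m in members.items() if m & frontier} - found
        found |= frontier
    return found


def effective_roles(principal, target, assignments=ASSIGNMENTS):
    """Roles held at target via direct, group-inherited and parent-scope assignments."""
    ids = {principal} | groups_of(principal)
    return {a["roleDefinitionName"] for a in assignments
            if a["principalId"] in ids and scope_covers(a["scope"], target)}


def can_assign_roles(principal, target):
    """True if any effective role at target is one of the assigner roles."""
    return bool(effective_roles(principal, target) & ASSIGNER_ROLES)
```
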