[Azure RBAC] Summary
Overview
- A role can be assigned to a Security Principal
- There are four kinds of Security Principal
  - User
  - Group
  - Service Principal
  - Managed Identity
- Role assignments are transitive for groups
- Assignments have a Scope
How is a role assigned?
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#general
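- Set the Scope
- Suppose a Resource Group is chosen as the scope
- In IAM, the Role is assigned to 김연우 (Kim Yeon-woo)
- That Role can then be exercised within the Resource Group
How do you assign permissions to a specific resource?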
Managed Identity
System-assigned managed identity
User-assigned managed identity
https://learn.microsoft.com/ko-kr/entra/identity/managed-identities-azure-resources/overview
Role needed to assign roles
Owner or User Access Administrator is required
To assign Azure roles, you must have:
Microsoft.Authorization/roleAssignments/write permissions, such as Role Based Access Control Administrator or User Access Administrator
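
The notes above on group transitivity, scope, and who may assign roles, combined into one small access-review model. This is an added example, not Microsoft's code or part of the original notes: the principals, group memberships, IDs and assignments are constructed, and it generalizes the Resource Group case to any scope path by treating an assignment as applying at its scope and everything beneath it.

```python
# Added example: all names, IDs and assignments below are constructed.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"

# Constructed role assignments: (security principal, role, scope).
ASSIGNMENTS = [
    {"principal": "group:platform-admins", "role": "User Access Administrator", "scope": SUB},
    {"principal": "user:kim", "role": "Contributor", "scope": RG},
    {"principal": "mi:vm1-identity", "role": "Reader", "scope": VM},
]
# Constructed group membership, including one nested group.
MEMBER_OF = {
    "user:lee": {"group:ops"},
    "group:ops": {"group:platform-admins"},
}
# Roles the notes name as able to assign roles. Simplification: the real
# check is on Microsoft.Authorization/roleAssignments/write, not the role name.
CAN_ASSIGN = {"Owner", "User Access Administrator",
              "Role Based Access Control Administrator"}

def principals_for(principal):
    """Return the principal plus every group it belongs to, transitively."""
    seen, stack = set(), [principal]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(MEMBER_OF.get(p, ()))
    return seen

def in_scope(assignment_scope, target):
    """True if target is the assignment scope or lies beneath it."""
    a, t = assignment_scope.rstrip("/").lower(), target.rstrip("/").lower()
    # Compare on a path boundary so "rg-demo" does not match "rg-demo2".
    return t == a or t.startswith(a + "/")

def effective_roles(principal, target):
    """Roles the principal holds at target, directly or through groups."""
    ids = principals_for(principal)
    return {a["role"] for a in ASSIGNMENTS
            if a["principal"] in ids and in_scope(a["scope"], target)}

def can_assign_roles(principal, target):
    return bool(effective_roles(principal, target) & CAN_ASSIGN)

if __name__ == "__main__":
    for who in ("user:kim", "user:lee", "mi:vm1-identity"):
        print(who, sorted(effective_roles(who, VM)), can_assign_roles(who, VM))
```

In a review, the principals to look at first are those for which `can_assign_roles` is true only through a nested group, since that path does not show up on the resource's own assignment list.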