Microsoft Azure Essentials Fundamentals of Azure Second Edition e-optimized 5x11 pdf

Using RBAC, Azure AD, and Azure Key Vault to control access to Resource Manager

Download 8,71 Mb.

Pdf ko'rish

bet	124/260
Sana	16.09.2021
Hajmi	8,71 Mb.
	#176022

1 ... 120 121 122 123 124 125 126 127 ... 260

Bog'liq
9781509302963 Microsoft Azure Essentials Fundamentals of Azure 2nd ed pdf

Using RBAC, Azure AD, and Azure Key Vault to control access to Resource Manager
storage accounts
RBAC and Azure AD With Resource Manager RBAC, you can assign roles to users, groups, or
applications. The roles are tied to a specific set of actions that are allowed or disallowed. Using RBAC
to grant access to a storage account only handles the management operations for that storage
account. You can’t use RBAC to grant access to objects in the data plane like a specific container or
file share. You can, however, use RBAC to grant access to the storage account keys, which can then be
used to read the data objects.

109
CHAPTER 4 |    Azure Storage

For example, you might grant someone the Owner role to the storage account. This means they can
access the keys and thus the data objects, and they can create storage accounts and do pretty much
anything.
You might grant someone else the Reader role. This allows them to read information about the
storage account. They can read resource groups and resources, but they can’t access the storage
account keys and therefore can’t access the data objects.
If someone is going to create VMs, you must grant them the Virtual Machine Contributor role, which
grants them access to retrieve the storage account keys but not to create storage accounts. They need
the keys to create the VHD files that are used for the VM disks.

Download 8,71 Mb.

Do'stlaringiz bilan baham:

1 ... 120 121 122 123 124 125 126 127 ... 260