Implementing RBAC
RBAC is a built-in feature of Microsoft Entra ID that lets you manage access to Azure resources using roles. With it, we control who can perform which actions on which resources in Azure, which helps maintain a secure environment and ensures that users have only the permissions they need to perform their tasks.
Each role in RBAC is essentially a set of distinct permissions that can be applied at different scopes. We can assign a role at a management group, a subscription, a resource group, or an individual resource. A role assignment at a higher scope is inherited by everything at the lower scopes beneath it. For example, if we assign a role to a user at the subscription level, they will have those permissions across all resources within that subscription. Each role assignment in Azure has three distinct parts: the role, the scope, and the service principal, as we can see in the following diagram:
Figure 6.1 – Role assignment
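To make the three parts of an assignment and the scope inheritance concrete, here is a small model of how Azure evaluates an access check, added as an illustration (it is not code from the book or from the Azure SDK). It assumes a constructed subset of two built-in role definitions, a constructed subscription-to-management-group mapping, and constructed principal names; real evaluation also involves deny assignments, data actions and conditions, which this model leaves out.

```python
"""Minimal model of Azure RBAC evaluation (constructed example).

A role assignment binds a principal, a role and a scope. Assignments made at a
higher scope are inherited by every scope below it, so an access check walks
from the target scope up through resource group, subscription and management
group and succeeds as soon as one assignment's role permits the action.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # user, group or service principal (constructed names below)
    role: str       # role definition name
    scope: str      # ARM scope string the assignment is made at


# Constructed subset of the built-in roles. Azure matches Actions/NotActions
# case-insensitively with '*' wildcards; NotActions only subtract within the
# same role definition (the real Contributor role cannot manage access).
ROLES = {
    "Reader": {"actions": {"*/read"}, "not_actions": set()},
    "Contributor": {
        "actions": {"*"},
        "not_actions": {
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
        },
    },
}

# Constructed hierarchy: management group that each subscription lives under.
SUBSCRIPTION_MG = {"00000000-0000-0000-0000-000000000001": "mg-prod"}


def scope_chain(scope: str) -> list[str]:
    """Return the scope itself followed by each ancestor scope, nearest first."""
    chain = [scope]
    parts = scope.strip("/").split("/")
    if parts and parts[0].lower() == "subscriptions":
        sub_id = parts[1]
        sub_scope = f"/subscriptions/{sub_id}"
        if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            rg_scope = f"{sub_scope}/resourceGroups/{parts[3]}"
            if len(parts) > 4:          # resource-level scope: the RG is an ancestor
                chain.append(rg_scope)
        if len(parts) > 2:              # anything below the subscription inherits from it
            chain.append(sub_scope)
        mg = SUBSCRIPTION_MG.get(sub_id)
        if mg:
            chain.append(f"/providers/Microsoft.Management/managementGroups/{mg}")
    return chain


def role_permits(role: str, action: str) -> bool:
    """True if the role's Actions cover the action and its NotActions do not."""
    definition = ROLES[role]
    act = action.lower()
    allowed = any(fnmatchcase(act, p.lower()) for p in definition["actions"])
    denied = any(fnmatchcase(act, p.lower()) for p in definition["not_actions"])
    return allowed and not denied


def is_allowed(principal: str, action: str, scope: str,
               assignments: list[RoleAssignment]) -> bool:
    """Access check: any assignment at the scope or an ancestor scope may grant it."""
    for candidate in scope_chain(scope):
        for a in assignments:
            if (a.principal == principal
                    and a.scope.lower() == candidate.lower()
                    and role_permits(a.role, action)):
                return True
    return False


# Constructed assignments: Reader at subscription scope, Contributor on one RG.
SUB = "00000000-0000-0000-0000-000000000001"
ASSIGNMENTS = [
    RoleAssignment("alice@example.com", "Reader", f"/subscriptions/{SUB}"),
    RoleAssignment("bob@example.com", "Contributor",
                   f"/subscriptions/{SUB}/resourceGroups/rg-app"),
]
VM = f"/subscriptions/{SUB}/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"

if __name__ == "__main__":
    print("alice read vm1  :", is_allowed("alice@example.com", "Microsoft.Compute/virtualMachines/read", VM, ASSIGNMENTS))
    print("alice write vm1 :", is_allowed("alice@example.com", "Microsoft.Compute/virtualMachines/write", VM, ASSIGNMENTS))
    print("bob write vm1   :", is_allowed("bob@example.com", "Microsoft.Compute/virtualMachines/write", VM, ASSIGNMENTS))
    print("bob assign role :", is_allowed("bob@example.com", "Microsoft.Authorization/roleAssignments/write", VM, ASSIGNMENTS))
```

The walk in `scope_chain` is what makes alice's subscription-level Reader assignment apply to a VM she was never assigned on directly, while bob's Contributor assignment stays confined to `rg-app` and, because of the role's NotActions, never lets him create further role assignments.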
The principal can be...