Azure RBAC - barialim/architecture GitHub Wiki


Overview

Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

Azure built-in roles

Azure RBAC ships with a set of built-in roles (for example Owner, Contributor, Reader, and scoped roles such as Storage Blob Data Reader) that you can assign to users, groups, service principals (identities for applications and other non-human workloads), and managed identities.

Role assignments are how you control access to Azure resources: an assignment binds a security principal to a role definition at a scope (management group, subscription, resource group, or a single resource), and permissions granted at a scope are inherited by every child scope beneath it. If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

For more info see Link
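The following is an added example, not code from the original wiki page, that models how an Azure RBAC authorization decision is evaluated: permissions are the union of all assignments that cover the target scope, each role contributes its Actions minus its own NotActions (NotActions is a subtraction within a role, not a deny), control-plane Actions never grant data-plane DataActions, and wildcards in action strings match across path segments. Deny assignments and ABAC conditions are deliberately not modelled. The function names, the sample subscription/resource IDs, the object IDs and the custom "VM Operator" role are constructed for illustration; the Reader, Contributor and Storage Blob Data Reader definitions use the real built-in role semantics.

```python
import re
from dataclasses import dataclass, field

# Hypothetical subset of the Azure RBAC model (example code, not the page's own).


@dataclass
class RoleDefinition:
    name: str
    actions: list = field(default_factory=list)           # control plane (ARM operations)
    not_actions: list = field(default_factory=list)       # subtracted from actions of THIS role only
    data_actions: list = field(default_factory=list)      # data plane (e.g. reading blob contents)
    not_data_actions: list = field(default_factory=list)


@dataclass
class RoleAssignment:
    principal_id: str   # object ID of a user, group, service principal or managed identity
    role: str
    scope: str          # management group, subscription, resource group or resource


def _matches(pattern: str, operation: str) -> bool:
    """Azure action wildcards: '*' matches any run of characters, including '/'.
    Matching is case-insensitive, as in Azure."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def _scope_covers(assignment_scope: str, target_scope: str) -> bool:
    """An assignment applies at its own scope and at every child scope.
    Compare on segment boundaries so '/resourceGroups/rg1' does not cover 'rg10'."""
    a = assignment_scope.lower().rstrip("/")
    t = target_scope.lower().rstrip("/")
    return t == a or t.startswith(a + "/")


def is_allowed(principal_id, operation, scope, assignments, roles, data_action=False) -> bool:
    """True if at least one assignment for the principal grants the operation at scope."""
    for ra in assignments:
        if ra.principal_id != principal_id or not _scope_covers(ra.scope, scope):
            continue
        role = roles[ra.role]
        allow = role.data_actions if data_action else role.actions
        deny = role.not_data_actions if data_action else role.not_actions
        if any(_matches(p, operation) for p in allow) and not any(_matches(p, operation) for p in deny):
            return True
    return False


# Built-in roles (semantics as documented by Azure; Contributor's NotActions list is abridged)
# plus one custom role, as described in the section above.
ROLES = {
    "Reader": RoleDefinition("Reader", actions=["*/read"]),
    "Contributor": RoleDefinition(
        "Contributor",
        actions=["*"],
        not_actions=["Microsoft.Authorization/*/Delete",
                     "Microsoft.Authorization/*/Write",
                     "Microsoft.Authorization/elevateAccess/Action"],
    ),
    "Storage Blob Data Reader": RoleDefinition(
        "Storage Blob Data Reader",
        actions=["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
        data_actions=["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
    ),
    "VM Operator (custom)": RoleDefinition(          # constructed custom role
        "VM Operator (custom)",
        actions=["Microsoft.Compute/*/read",
                 "Microsoft.Compute/virtualMachines/start/action",
                 "Microsoft.Compute/virtualMachines/restart/action"],
    ),
}

# Constructed scopes and principals (IDs are placeholders, not real Azure objects).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG1 = SUB + "/resourceGroups/rg1"
RG10 = SUB + "/resourceGroups/rg10"
VM1 = RG1 + "/providers/Microsoft.Compute/virtualMachines/vm1"
SA1 = RG1 + "/providers/Microsoft.Storage/storageAccounts/stexample1"
SA2 = RG10 + "/providers/Microsoft.Storage/storageAccounts/stexample2"
MI_OBJECT_ID = "22222222-2222-2222-2222-222222222222"     # a managed identity's object ID
USER_OBJECT_ID = "33333333-3333-3333-3333-333333333333"   # a human user's object ID

ASSIGNMENTS = [
    RoleAssignment(MI_OBJECT_ID, "Reader", SUB),                      # inherited by everything below
    RoleAssignment(MI_OBJECT_ID, "Storage Blob Data Reader", SA1),    # data plane, one account only
    RoleAssignment(USER_OBJECT_ID, "Contributor", RG1),
    RoleAssignment(USER_OBJECT_ID, "VM Operator (custom)", RG10),
]

BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"


def check(principal_id, operation, scope, data_action=False) -> bool:
    return is_allowed(principal_id, operation, scope, ASSIGNMENTS, ROLES, data_action)
```

The two checks worth internalising from this model: a Reader at subscription scope can list a storage account but cannot read blob contents, because "*/read" is a control-plane Action and blob reads are DataActions; and a Contributor can change any resource in its scope yet cannot create role assignments, because Microsoft.Authorization writes sit in its NotActions. Real evaluation additionally applies deny assignments and conditions, which this model omits.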

Managed Identity

Behind the scenes, a managed identity is simply a service principal in Microsoft Entra ID (formerly Azure AD) whose credential is created, stored and rotated by the Azure platform. Your code never sees a client secret or certificate; it requests tokens from the platform instead.

There are two managed identity types:

  • System-assigned - Tied to a single resource. It is created when you enable it on the resource and deleted when the resource is deleted, so it is a 1:1 relationship between one managed identity and one resource.
  • User-assigned - A standalone Azure resource with its own lifecycle, not tied to the resource that uses it. It can be assigned to many resources (and a resource may use several user-assigned identities), so it is a 1:* relationship between one managed identity and many resources.

A managed identity represents an Azure resource or workload, never a user; it is a wrapper around a service principal whose credentials you cannot read or set.

Once created, the identity's properties are read-only. It exposes a Client ID (the application ID, which you pass when requesting a token for a specific user-assigned identity) and an Object ID (the principal ID, which is what you reference in role assignments).

See Managed Identity for more info.
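As an added example (not code from the original wiki page), this is the token flow a workload on an Azure VM uses to act as its managed identity: a request to the Instance Metadata Service (IMDS) token endpoint with the mandatory `Metadata: true` header, omitting `client_id` for the system-assigned identity or supplying the identity's Client ID to select a user-assigned one, followed by parsing the response and inspecting the issued token's `appid` (Client ID) and `oid` (Object ID) claims. The HTTP fetcher is injectable so the flow runs offline against a constructed, clearly fake response; the function names and the sample IDs are assumptions introduced for this example.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import urlencode

# Example code (not from the original page). Real endpoint and API version per Azure IMDS docs.
IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def build_token_request(resource: str, client_id: str = None):
    """URL and headers for an IMDS token request.
    No client_id -> the resource's system-assigned identity (exactly one per resource).
    client_id given -> that user-assigned identity, since a resource may carry several."""
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    # IMDS refuses requests without 'Metadata: true'. A browser, open redirect or
    # naive SSRF cannot add this custom header, which is the endpoint's defence.
    return f"{IMDS_TOKEN_ENDPOINT}?{urlencode(params)}", {"Metadata": "true"}


def _http_get(url: str, headers: dict) -> str:
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def get_token(resource: str, client_id: str = None, fetch=_http_get) -> dict:
    """Fetch and parse a token; 'fetch' is injectable for offline exercise."""
    url, headers = build_token_request(resource, client_id)
    data = json.loads(fetch(url, headers))
    return {
        "access_token": data["access_token"],
        "token_type": data["token_type"],        # "Bearer"
        "resource": data["resource"],
        "expires_on": int(data["expires_on"]),   # unix seconds, returned by IMDS as a string
    }


def seconds_until_expiry(token: dict, now: int = None) -> int:
    """Cache tokens and refresh before this reaches zero rather than per call."""
    now = int(time.time()) if now is None else now
    return token["expires_on"] - now


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature. Inspection only:
    a resource server must validate signature, audience and expiry before trusting it."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


# Constructed sample response in the shape IMDS returns; every value is fake.
SAMPLE_CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # hypothetical Client ID
SAMPLE_OBJECT_ID = "22222222-2222-2222-2222-222222222222"   # hypothetical Object ID


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


SAMPLE_RESPONSE = json.dumps({
    "access_token": _b64url({"alg": "RS256", "typ": "JWT"}) + "." + _b64url({
        "aud": "https://management.azure.com/",
        "appid": SAMPLE_CLIENT_ID,   # the managed identity's Client ID
        "oid": SAMPLE_OBJECT_ID,     # the Object ID used in role assignments
        "exp": 1700000000,
    }) + ".fakesignature",
    "expires_in": "86399",
    "expires_on": "1700000000",
    "resource": "https://management.azure.com/",
    "token_type": "Bearer",
})


def fake_fetch(url: str, headers: dict) -> str:
    """Stand-in for IMDS that enforces the Metadata header like the real service."""
    if headers.get("Metadata") != "true":
        raise PermissionError("400 Bad Request: Metadata header missing")
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    tok = get_token("https://management.azure.com/", SAMPLE_CLIENT_ID, fetch=fake_fetch)
    print(decode_claims(tok["access_token"]))
```

In production you would normally let the Azure Identity SDK (DefaultAzureCredential / ManagedIdentityCredential) do this, which also covers the non-VM hosting environments that use a different endpoint; the point of spelling it out is to see that the only input that distinguishes identities is the Client ID, and that the token the platform issues carries the Object ID you granted roles to.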

Terminology
