Info Sharing Blog

Saturday, July 11, 2020

Azure Active Directory User Types and RBAC built-in roles #CloudScribblings

Posted by jaacostan
Azure Active Directory has two types of users.

1) Member
A member is a normal cloud user. An Active Directory member can read all directory information and can invite external users. They can also manage their own profile information and can register applications in the AD.
2) Guest
A guest is a restricted user who can manage only their own profile data. A guest cannot browse the directory and cannot register applications in the AD.

RBAC built-in roles (Top 4)
  1. Owner Role : Lets you manage everything, including access to resources. The owner can add permissions and perform actions such as deleting or stopping resources.
  2. Contributor Role : This role allows a user to manage all types of resources, but does not allow the user to grant access to resources. To be able to grant access to resources, the user must be assigned either the User Access Administrator Role or the Owner Role.
  3. User Access Administrator Role : In this role, the user can manage access to resources. The user can read all resources but cannot modify them.
  4. Virtual Machine Contributor Role : This role allows a user to manage the properties of the virtual machine. It does not provide access to the underlying virtual network or the storage accounts the virtual machine is connected to.
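
The differences between these four roles come from the Actions and NotActions lists in each role definition. The following is an added example, not code from the original post: it evaluates abridged copies of the built-in definitions and flags guest users who hold a role that can grant access. The abridged lists, the function names and the sample assignments are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Abridged built-in role definitions (assumption: only the Actions/NotActions
# needed for this illustration are listed, not the full definitions).
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": [
        "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
    "User Access Administrator": {"actions": [
        "*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"], "not_actions": []},
    "Virtual Machine Contributor": {"actions": [
        "Microsoft.Compute/virtualMachines/*", "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Storage/storageAccounts/read"], "not_actions": []},
}

GRANT = "Microsoft.Authorization/roleAssignments/write"  # the "grant access" operation


def _matches(patterns, operation):
    # Operation names are compared case-insensitively; "*" spans any characters.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def allows(role, operation):
    """Effective permission: matches Actions and does not match NotActions."""
    d = ROLES[role]
    return _matches(d["actions"], operation) and not _matches(d["not_actions"], operation)


def guests_who_can_grant(assignments):
    """Return guest principals whose assigned role lets them assign roles to others."""
    return [a["principal"] for a in assignments
            if a["user_type"] == "Guest" and allows(a["role"], GRANT)]


# Constructed sample assignments (hypothetical, not from a real tenant).
SAMPLE = [
    {"principal": "alice@contoso.example", "user_type": "Member", "role": "Owner"},
    {"principal": "vendor@partner.example", "user_type": "Guest", "role": "Contributor"},
    {"principal": "auditor@partner.example", "user_type": "Guest", "role": "User Access Administrator"},
]

if __name__ == "__main__":
    for role in ROLES:
        print(f"{role:30} can grant access: {allows(role, GRANT)}")
    print("Guests able to grant access:", guests_who_can_grant(SAMPLE))
```

Contributor matches `*` but is blocked by the `Microsoft.Authorization/*/Write` NotAction, which is why it can manage resources yet cannot grant access.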