🔥 Check out my documented journey on how to set up Configuration Manager (MECM) and my updated notes on the Azure AZ-104 Exam! 🔥
Posts
Microsoft
Azure
AZ-104
AZ-104 Certification Notes
ExamPro Course Notes
Chapter 4 - Azure Roles
Chapter 4.6 - Azure Roles

AZ-104 Certification Notes

Chapter 4.6 - Azure Roles

Anatomy of an Azure Role

Azure Role document syntax of the property names will change whether it's Azure PowerShell or Azure CLI.

  • Name
    • (roleName) The display name of the custom role
  • Id
    • (name) The unique ID of the custom role. This is autogenerated for you
  • IsCustom
    • (roleType) Indicates whether this is a custom role. (true or false)
  • Description
    • (description) The description of the custom role
  • Actions
    • (actions) An array of strings that specifies the management operations that the role allows to be performed.
  • NotActions
    • (notActions) An array of strings that specifies the management operations that are excluded from the allowed Actions
  • DataActions
    • (dataActions) An array of strings that specifies data operations the role is allowed perform to your data within that object.
  • NotDataActions
    • (notDataActions) An array of strings that specifies the data operations that are excluded from the allowed DataActions
  • AssignableScopes
    • (assignableScopes) An array of strings that specifies the scopes that the custom role is available for assignment. You can only define one management group in AssignableScopes of a custom role.
  • Wildcard permissions
    • Actions, NotActions, DataActions, and NotDataActions support wildcards (*)
    • A wildcard allows you to apply to match everything

Practice Quiz

  • Which Azure Role document syntax contains the display name of the custom role?

    • AssignableScopes
    • Name
    • Id
    • Description

  • Which Azure Role document syntax contains an array of strings that specifies data operations the role is allowed perform to your data within that object?

    • DataActions
    • IsCustom
    • AssignableScopes
    • Description

  • What are Actions in the Azure Role document syntax?

    • An array of strings that specifies the management operations that the role allows to be performed.

  • What are AssignableScopes in the Azure Role document syntax?

    • An array of strings that specifies the scopes that the custom role is available for assignment. You can only define one management group in AssignableScopes of a custom role.
Chapter 4.5 - Azure AD RolesChapter 4.7 - Policies vs RBAC