AZ-104 Certification Notes
Chapter 4.9 - Azure Roles CheatSheet
Within Azure there are 3 kinds of roles:
- Classic subscription administrator roles
  - This is the original role system
- Azure roles
  - Known as Role-Based Access Controls (RBAC), built on top of Azure Resource Manager
- Azure Active Directory (Azure AD) roles
  - Azure AD roles are used to manage Azure AD resources in a directory

Identity Access Management (IAM) allows you to create and assign Azure (RBAC system) roles to users. Roles restrict access to resource actions (also known as operations).

There are 2 types of roles:
- BuiltInRole
  - Microsoft-managed roles: read-only, pre-created roles for you to use
- CustomRole
  - A role created by you with your own custom logic

Role assignment is when you apply a role to a user. A role assignment is composed of a Security Principal, Role Definition, and Scope.

Azure's 4 built-in roles are:
- Owner
- Contributor
- Reader
- User Access Administrator

Classic Administrators have 3 types of roles:
- Account Administrator
  - The billing owner of the subscription. Has no access to the Azure portal
- Service Administrator
  - Same access as a user assigned the Owner role at subscription scope. Full access to the Azure portal
- Co-Administrator
  - Same access as a user who is assigned the Owner role at the subscription scope

Important Azure AD Roles:
- Global Administrator
  - Full access to everything
- User Administrator
  - Full access to create and manage users
- Billing Administrator
  - Make purchases, manage subscriptions and support tickets

You can create custom roles, but you need to purchase either Azure AD Premium P1 or P2.
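
To make the Azure RBAC role assignment described earlier concrete (security principal, role definition, scope), here is an added example, not code from these notes or from Microsoft, that models how an assignment decides whether an action is allowed. Assumptions: the Actions/NotActions patterns are simplified from Azure's published built-in role definitions (Contributor's exclusions are abbreviated), and the principals, subscription ID and resource group are constructed sample values.

```python
from fnmatch import fnmatchcase

# Simplified Actions/NotActions for the four built-in roles named above
# (assumption: Contributor's NotActions list is abbreviated).
ROLES = {
    "Owner": (["*"], []),
    "Contributor": (["*"], ["Microsoft.Authorization/*/Write",
                            "Microsoft.Authorization/*/Delete"]),
    "Reader": (["*/read"], []),
    "User Access Administrator": (["*/read", "Microsoft.Authorization/*"], []),
}

def matches(patterns, action):
    """Case-insensitive wildcard match of an action against role patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def in_scope(assigned, target):
    """An assignment applies at its own scope and at every child scope below it."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def is_allowed(assignments, principal, action, scope):
    """RBAC is additive: one applicable assignment granting the action is enough."""
    for who, role, assigned_scope in assignments:
        actions, not_actions = ROLES[role]
        if (who == principal and in_scope(assigned_scope, scope)
                and matches(actions, action) and not matches(not_actions, action)):
            return True
    return False

# Constructed sample data: placeholder subscription ID and made-up principals.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
ASSIGNMENTS = [
    ("alice", "Contributor", SUB),               # inherited by every resource group
    ("bob", "Reader", RG),
    ("carol", "User Access Administrator", RG),  # can grant access, only inside RG
]
VM_WRITE = "Microsoft.Compute/virtualMachines/write"
GRANT = "Microsoft.Authorization/roleAssignments/write"

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, is_allowed(ASSIGNMENTS, user, VM_WRITE, RG),
              is_allowed(ASSIGNMENTS, user, GRANT, RG))
```

When reviewing assignments, the rows that deserve the closest look are the ones that can grant access to others (Owner, User Access Administrator) at a broad scope, since everything below that scope inherits them.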