Role-Based Access Control and Azure Policies

As your Azure usage grows and the number of users increases, Azure supplies a number of tools to ensure that users can complete their tasks with the minimum permissions required. This lets you give users autonomy without giving them free rein to do whatever they want in the subscription.

Exam Tip - Microsoft expects you to fully understand this for many of the Azure certification exams including AZ-103, AZ-300, and AZ-301. Skills expected are as follows:

  • Manage role-based access control (RBAC)
  • create a custom role
  • configure access to Azure resources by assigning roles
  • configure management access to Azure
  • troubleshoot RBAC
  • implement RBAC policies
  • assign RBAC roles

Role-based Access Control

The first area to investigate is Role-based Access Control (RBAC). By default, within RBAC, a user is denied access to all resources, and access needs to be granted explicitly. Access can be granted to specific users or groups at various levels within an Azure subscription. RBAC permissions can be applied at the component, resource group, or full subscription level.

There are several component-specific roles but there are three main roles that concern us initially:

  • Owner
  • Contributor
  • Reader
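
The default-deny and scope-inheritance behaviour described above can be modelled in a few lines. This is an added example, not code from the original article: the principals, scopes and assignments are constructed, the role permission sets are a simplified subset of the built-in definitions, and deny assignments are not modelled.

```python
import fnmatch

# Simplified permission sets for the three roles named above (assumption:
# the real built-in Contributor definition lists further NotActions).
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/Write",
                                    "Microsoft.Authorization/*/Delete"]},
    "Reader": {"actions": ["*/read"], "not_actions": []},
}

# Constructed sample assignments: (principal, role, scope), one per level.
RG = "/subscriptions/sub1/resourceGroups/rg-web"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/logs"
ASSIGNMENTS = [
    ("alice", "Owner", "/subscriptions/sub1"),  # subscription level
    ("bob", "Contributor", RG),                 # resource group level
    ("carol", "Reader", STORAGE),               # single component
]

def scope_covers(assigned, target):
    """An assignment applies at its own scope and at every scope beneath it."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def role_allows(role, action):
    """Actions minus NotActions; '*' wildcards may span path segments."""
    definition = ROLES[role]
    def hit(patterns):
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return hit(definition["actions"]) and not hit(definition["not_actions"])

def is_allowed(principal, action, target, assignments=ASSIGNMENTS):
    """Default deny: True only if an in-scope assignment grants the action."""
    return any(p == principal and scope_covers(s, target) and role_allows(r, action)
               for p, r, s in assignments)

if __name__ == "__main__":
    vm = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
    print(is_allowed("bob", "Microsoft.Compute/virtualMachines/write", vm))
    print(is_allowed("bob", "Microsoft.Authorization/roleAssignments/write", RG))
    print(is_allowed("carol", "Microsoft.Storage/storageAccounts/read", RG))
```

Contributor can manage resources inside its scope but cannot change role assignments, and a Reader grant on one component gives nothing at the resource group above it.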
