Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs
.gitignore
README.md
approvedImagesOnly.params.definition.json
approvedImagesOnly.rules.json
doNotAllowResources.params-ip.json
doNotAllowResources.params.definition.json
doNotAllowResources.rules.json
lockSubnet.params.definition.json
lockSubnet.rules.json
roleStartStopVM.json.example
tagging.rules.json

README.md

Intro to Role based access control and policy demo

In traditional IT operations responsibilites are split in order to provide right level of expertize and operational policies are being defined so our security and business continuity goals are achieved. There are two areas that need to be discussed.

First we need to make sure that complex and risky tasks are handled by experts and hold them accountable. At the same time we need to make sure this does not slow down processes too much and others can leverage predefined resources in self-service way. As an example we might want networking and security team to provide connectivity and network security while systems administrators and developers are not able to bypass this (because that puts business under threat), but let them select from predefined "managed" options immediately. In Azure this can be achieved by Role Based Acess Control.

Second because IT is complex human error is inevitable we might want to define set of common policies that would prevent some unwanted situations. For example we might enforce categorization of deployed resources so it is always clear whether it is dev, test or production, what department is paying for that, what data category (like internal, confidential, personal, ...) are used. For certain systems we might want to prevent applications to be deployed in improper network or prevent running resources with no firewall protection. This is where Azure Policy comes.

Azure RBAC is handling what resources and resource groups users get access to. Azure Policy is to define rules for resource groups and subscriptions that all users have to follow.

Author

Tomas Kubica, linkedin.com/in/tkubica, Twittter: @tkubica

Blog in Czech: https://tomaskubica.cz

Looking forward for your feedback and suggestions!

You can’t perform that action at this time.