Providing access to resources by assigning the custom RBAC role – Microsoft AZ-104 Exam
The next step is to assign this custom role to a user. We are going to assign access at the resource group level, using an account that has owner permissions on that resource group:
1. Navigate to the Azure portal by opening a web browser and going to https://portal.azure.com.
2. Select Resource groups on the left, which will show all the current resource groups:
3. Select one of your resource groups; if you do not have one yet, you need to create one in any region you want and call it Az-104. In this scenario, I will use one of my resource groups, also called Az-104:
4. Next, go to the Access control (IAM) section, click on Add, and select Add role assignment:
5. A new blade opens up; under Role, search for the custom role we created called IT support – Restart VMs only. Under Assign access to, leave it as User, group, or service principal and select PacktUser1, which we created in Chapter 1, Managing Azure Active Directory Objects, and click on Save:
That’s it – we have now successfully created and assigned a custom RBAC role to a user named PacktUser1. The final step is to validate the role assignment.
Confirming the role assignment steps
Now that we have assigned a role to a user, let’s go ahead and confirm that it’s working as expected:
1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com (you will need to sign in as the user to whom you assigned your custom role).
2. Select All resources on the left, which will show all the current resource groups:
3. You will be able to see all the VMs listed that are part of the specified resource group:
4. Select a started VM that is available – in my case, this will be prod-vm1 – and see if you can stop the VM:
5. A pop-up error message will display Failed to stop virtual machine. This confirms that our custom RBAC role is working as expected: it denies the user permission to stop a VM and allows only restarting the VM:
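The following is an added example, not code from the original text: a simplified offline model of how a role assignment at resource group scope produces the result seen in the validation steps. The subscription ID is a placeholder, the role's Actions list and the second VM are assumptions made for illustration, and deny assignments and data actions are left out of the model.

```python
from fnmatch import fnmatchcase

# Constructed sample data. Role name, resource group and VM name come from the
# walkthrough; the subscription ID is a placeholder and the Actions list is an
# ASSUMPTION about how the custom role was defined.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE = f"{SUB}/resourceGroups/Az-104"
VM = f"{RG_SCOPE}/providers/Microsoft.Compute/virtualMachines/prod-vm1"
OTHER_VM = f"{SUB}/resourceGroups/Az-1045/providers/Microsoft.Compute/virtualMachines/vm2"
OP = "Microsoft.Compute/virtualMachines/"
ROLE = {
    "Name": "IT support – Restart VMs only",
    "Actions": [OP + "read", OP + "restart/action"],
    "NotActions": [],
}
ASSIGNMENTS = [{"principal": "PacktUser1", "role": ROLE, "scope": RG_SCOPE}]


def matches(patterns, action):
    """Action strings are compared case-insensitively; '*' is a wildcard."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def in_scope(assignment_scope, resource_id):
    """An assignment covers its own scope and every resource beneath it."""
    scope, rid = assignment_scope.rstrip("/").lower(), resource_id.lower()
    return rid == scope or rid.startswith(scope + "/")


def is_allowed(principal, action, resource_id, assignments=ASSIGNMENTS):
    """Allowed if an in-scope role lists the action and NotActions does not."""
    for a in assignments:
        if a["principal"] != principal or not in_scope(a["scope"], resource_id):
            continue
        role = a["role"]
        if matches(role["Actions"], action) and not matches(role["NotActions"], action):
            return True
    return False


def check_walkthrough():
    """Reproduce the validation: restart succeeds, the stop operations fail."""
    return {
        "restart": is_allowed("PacktUser1", OP + "restart/action", VM),
        "deallocate": is_allowed("PacktUser1", OP + "deallocate/action", VM),
        "powerOff": is_allowed("PacktUser1", OP + "powerOff/action", VM),
        "restart_other_rg": is_allowed("PacktUser1", OP + "restart/action", OTHER_VM),
    }


if __name__ == "__main__":
    for name, allowed in check_walkthrough().items():
        print(f"{name:18} {'allowed' if allowed else 'denied'}")
```

Passing a different assignment list to `is_allowed` shows how a wildcard such as `Microsoft.Compute/virtualMachines/*` in Actions would also grant the stop operations, which is why a narrowly scoped custom role lists individual operations.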
In this section, we looked at how to assign a custom RBAC role via the Azure portal and confirmed that the custom role is applied and working as expected.
We encourage you to read further by using the following link, which goes into more detail about assigning roles in Azure: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current.