Azure uses Role-Based Access Control (RBAC) to enable fine-grained access management for Azure.
This means that you can grant any user access to a specific resource (or set of resources) without having to give them Service Administrator privileges (as you had to do in the past).
Quick example: you have an Azure subscription with 10 Virtual Machines and you want to give the user John access to a specific virtual machine named MyAzureVM.
From the Azure Portal, you can do that from the Role settings of the Virtual Machine:
And then with the Add button, you can give John access to the Virtual Machine.
Now, you can also do that for Mike, Bob, me, Cynthia, Rob… and for VirtualMachine1, VirtualMachine2… And then in a few weeks you are completely lost and you don't know who has access to what.
Fortunately, Cloudockit Security reports will help you answer these simple questions:
- Question 1: Who can change the settings of the Virtual Machine PrdSP-NYC?
In the Cloudockit Security Report, go to the Virtual Machine PrdSP-NYC, where you will see the following table:
- Question 2: On which Azure resources do I have specific permissions?
In the Cloudockit Security Report, you will see a table that contains all the resources that have specific permissions:
- Question 3: Which Azure resources can be accessed by John?
In the Cloudockit Security Report, you will see a table that contains all the permissions for each specific user:
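The three questions above can also be answered from raw role-assignment data. The following Python sketch is an added example, not part of the original post or of Cloudockit; it assumes records shaped like the JSON printed by `az role assignment list --all`, and the subscription ID, resource group and user names are constructed. It decides "can change settings" by built-in role name only, which is a simplification.

```python
# Constructed sample: the parsed form of `az role assignment list --all -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/prd-rg"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/PrdSP-NYC"
ASSIGNMENTS = [
    {"principalName": "cynthia@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "mike@example.com", "roleDefinitionName": "Reader", "scope": RG},
    {"principalName": "john@example.com",
     "roleDefinitionName": "Virtual Machine Contributor", "scope": VM},
    {"principalName": "bob@example.com", "roleDefinitionName": "Reader", "scope": VM},
]

# Assumption: only these built-in roles count as able to change VM settings.
# Custom roles would need their Actions/NotActions evaluated instead.
VM_WRITE_ROLES = {"Owner", "Contributor", "Virtual Machine Contributor"}


def applies_to(scope, resource_id):
    """An assignment is inherited by every resource at or below its scope.
    Management-group scopes are not modelled here."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    # Compare on a path boundary so "prd-rg" does not match "prd-rg2".
    return r == s or r.startswith(s + "/")


def who_can_change(assignments, resource_id):
    """Question 1: principals with a write-capable role, direct or inherited."""
    return sorted({a["principalName"] for a in assignments
                   if a["roleDefinitionName"] in VM_WRITE_ROLES
                   and applies_to(a["scope"], resource_id)})


def resources_with_direct_assignments(assignments):
    """Question 2: individual resources that carry their own assignments."""
    return sorted({a["scope"] for a in assignments
                   if "/resourcegroups/" in a["scope"].lower()
                   and "/providers/" in a["scope"].lower()})


def access_for(assignments, principal):
    """Question 3: every (scope, role) pair granted to one principal."""
    return sorted((a["scope"], a["roleDefinitionName"]) for a in assignments
                  if a["principalName"].lower() == principal.lower())


if __name__ == "__main__":
    print(who_can_change(ASSIGNMENTS, VM))
    print(resources_with_direct_assignments(ASSIGNMENTS))
    print(access_for(ASSIGNMENTS, "john@example.com"))
```

Note that the subscription-level Owner appears in the answer to Question 1 even though she was never added on the virtual machine itself, which is the inherited access that is easiest to lose track of.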