If you've ever worked in any form of systems administrator role then you will be familiar with process automation, even only for simple tasks like automating backups. You will also be familiar with the pain of configuring and managing identities for these automated processes (expired password or disabled/deleted account ever caused you any pain?!) While … Continue reading Azure Automation Runbooks with Azure AD Service Principals and Custom RBAC Roles
The introduction of the Azure Resource Manager platform in Azure continues to expose new possibilities for managing your deployed resources.
One scenario that you may not be aware of is the ability to use scoped RBAC role assignments to grant limited rights to Azure AD-based users and groups.
We know Azure provides us with many built-in RBAC roles, but it may not be immediately obvious that you can control their assignment scope.
What do I mean by this?
Simply that each RBAC role (including custom ones you create) can be used at various levels within Azure starting at the Subscription level (i.e. applies to anything in the Subscription) down to a Resource (i.e. applies just to one particular resource such as a Storage Account). Role assignments are also cascading – if I assign “Owner” rights to a User or Group at the Subscription level then they have that role…
View original post 355 more words