Microsoft Azure Overview: Creating Service Principals

Learn Azure RBAC to manage access, define permissions, and create role assignments for fine-grained Azure resource management.

Saartje Ly

Data Engineering Intern

May 26, 2024

What is Role-Based Access Control?

Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what actions they can perform, and which areas they can access. Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

It allows us to define the following points:

 1. Who has access?

 2. What type of access?

 3. How much access?

To control access to resources with Azure RBAC, you create role assignments.

This is the key concept to understand: a role assignment is how permissions are actually granted and enforced. A role assignment consists of three elements: a security principal (who), a role definition (what actions), and a scope (where those actions are allowed).



Important Concepts

- Roles

A role definition, commonly referred to as a role, is a collection of permissions. It outlines the operations that can be performed, such as read, write, and delete. Roles may be high-level, like owner, or specific, like virtual machine reader.

 1. Owner: Has full access to all resources including the right to delegate access to others

 2. Contributor: Can create and manage all types of Azure resources but can’t grant access to others

 3. Reader: Can view existing Azure resources

 4. User Access Administrator: Lets you manage user access to Azure resources

These four general roles are the broadest Azure offers. Azure also ships many service-specific built-in roles (for example, roles limited to storage data or virtual machines), and you can define custom roles. For a service principal used by automation, prefer the narrowest built-in role that covers the job, and avoid Owner and User Access Administrator, since both let the principal grant access to others.

- Scope

Scope is the set of resources that the access applies to. When assigning a role, you limit where the role's actions are allowed by specifying a scope. Scopes nest: management group, subscription, resource group, and individual resource. An assignment made at a parent scope is inherited by everything beneath it, so an assignment at the subscription level applies to every resource group and resource in that subscription. This is helpful if you want to make someone a Website Contributor, but only for one resource group.


- Security Principal

A security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources. A service principal is the identity an application or automation job signs in with, which is why it is the subject of the rest of this post.



Download the Azure CLI

To create our Service Principal we will use the Azure Command Line Interface.

Download the Azure CLI from this link. There are options on the left hand side to also install for macOS and Linux. 

Scroll down, and download the Latest MSI of the Azure CLI. 

Run the downloaded installer, accept the license terms, then install.


Once installed, open Visual Studio Code.

Open extensions, and install Azure CLI Tools.


Then run ‘az login’ in the terminal to sign in. A browser window opens for authentication; once it completes, the CLI lists the subscriptions your account can reach.

In the terminal, run ‘az ad sp create-for-rbac --name NameOfPrincipalAuth > NameOfOutput.json’. The ‘>’ redirect writes the command’s JSON output to NameOfOutput.json, so you do not need to create the file first.

Two things to know about this command. First, the output contains appId, displayName, password and tenant; the password field is the client secret, it is shown only this once, and the file is therefore a credential. Keep it out of source control and delete it once the secret has been stored somewhere safer. Second, with no ‘--role’ and ‘--scopes’ arguments, current Azure CLI releases create the principal with no role assignment at all, while older releases silently granted it Contributor on the entire subscription. Pass both arguments explicitly so the principal gets exactly the role and scope you intend.

This should create a new file which will show up in your Explorer to the left. 

Then, log in to the Microsoft Azure Portal.

Navigate to Microsoft Entra ID (formerly Azure Active Directory) and open App registrations. The application object created by the command is listed there under the name you chose. The service principal itself, the identity that role assignments are made against, appears under Enterprise applications, and its role assignments can be reviewed under Access control (IAM) on the scope where you assigned them.
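The procedure above, carried out with an explicit role and scope and with the output treated as a credential, as an added example that is not part of the original article. It also ties back to the three elements of a role assignment from the Important Concepts section: the principal is the service principal being created, and the role and scope are passed on the command line instead of being left to defaults. The subscription ID, resource group, principal name, role and the sample JSON are placeholders constructed for this example. The az commands run only when RUN_AZ=1 is set, so the helper functions can be exercised without an Azure login.

```shell
#!/bin/sh
# Added example (not from the original article): create a service principal
# with an explicit, narrow role assignment, protect the secret it returns,
# and verify what was actually granted. All identifiers are placeholders.

SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"   # placeholder
RESOURCE_GROUP="rg-data-pipeline"                          # placeholder
SP_NAME="sp-data-pipeline"                                 # placeholder
ROLE="Storage Blob Data Reader"                            # narrow built-in role, assumed to fit the job

# Constructed sample of what `az ad sp create-for-rbac` prints (values made up),
# used here so json_field can be exercised offline.
SAMPLE_SP_OUTPUT='{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "sp-data-pipeline",
  "password": "constructed-placeholder-secret",
  "tenant": "66666666-7777-8888-9999-000000000000"
}'

# Build a resource-group scope. Assigning here rather than at the subscription
# is the "Website Contributor for one resource group" idea from the article.
rg_scope() {
    printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Guardrail: accept only scopes that descend into a resource group (or deeper).
# Subscription-root and management-group scopes are refused.
scope_is_narrow() {
    case "$1" in
        /subscriptions/*/resourceGroups/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Guardrail: roles that can grant access to others should never go to an
# automation principal.
role_is_safe() {
    case "$1" in
        "Owner"|"User Access Administrator") return 1 ;;
        *) return 0 ;;
    esac
}

# Extract one string field from the pretty-printed JSON that `az -o json` emits
# (one "key": "value" pair per line), without needing jq. $1 = key, stdin = JSON.
json_field() {
    sed -n 's/.*"'"$1"'": *"\([^"]*\)".*/\1/p' | head -n 1
}

create_sp() {
    scope=$(rg_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP")
    scope_is_narrow "$scope" || { echo "refusing broad scope: $scope" >&2; return 1; }
    role_is_safe "$ROLE"     || { echo "refusing access-granting role: $ROLE" >&2; return 1; }

    # Always state --role and --scopes: current CLI releases otherwise create no
    # assignment, and older ones granted Contributor on the whole subscription.
    # umask 077 makes the output file owner-readable only; it holds the client secret.
    umask 077
    az ad sp create-for-rbac --name "$SP_NAME" --role "$ROLE" --scopes "$scope" \
        --output json > "$SP_NAME.json"

    app_id=$(json_field appId < "$SP_NAME.json")
    echo "created appId=$app_id (client secret is in $SP_NAME.json; do not commit it)"

    # Verify: exactly the one assignment requested, at the scope requested.
    az role assignment list --assignee "$app_id" --all \
        --query "[].{role:roleDefinitionName, scope:scope}" --output table
}

# Only talk to Azure when explicitly asked, so the helpers can be tested offline.
if [ "${RUN_AZ:-0}" = "1" ]; then
    create_sp
else
    echo "offline: sample appId is $(printf '%s\n' "$SAMPLE_SP_OUTPUT" | json_field appId)"
fi
```

After ‘az login’, run the script with RUN_AZ=1 set. If a secret is ever exposed, ‘az ad sp credential reset --id <appId>’ issues a new one and invalidates the old, and ‘az role assignment list --assignee <appId> --all’ is the quickest way to confirm a principal has nothing beyond the single scoped role you gave it.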




