RBAC & ABAC roles

Azure RBAC Roles or simply Azure roles, provides access management for Azure resources using the authorization system of ARM. There are over more than 120 built-in roles and we can define custom roles too.

However, there are five fundamental roles:

RBAC Assignment

Something to remember:

Principal HAS role ON scope

ABAC

ABAC builds on RBAC and provides fine-grained access control based on attributes of a resource, security principal and environment. These are implemented using role assignment condition.

  • Only used by storage accounts

  • Low level functionality

If these are all RBAC/ABAC managed, who manages them? Well this is where Entra ID roles come in.

Last updated