Access Management Part 3: Role Based Access Control

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Greetings, Saberi ins.
00:03
Welcome back to the in this 3 65 security administration course
00:07
I am pleasure to be your instructor
00:10
setting the same, right? Can I say that was Highbury
00:13
one plus
00:14
Okay.
00:15
It's my pleasure to be your instructor,
00:17
Jim Daniels.
00:19
And today we're a model to identity and access.
00:22
Lesson three, access management, part three. Role based access control.
00:29
In this lesson, we're gonna go over
00:31
how the planet configure role based access control are back in M s 3 65. The difference between azure or back rolls and azure admin roles
00:41
and monitoring are back usage.
00:45
Access management for cloud race forces is critical function
00:49
least privilege.
00:50
You can do the most damage when you have access to all of the management of those functions
00:55
as our back is an authorization system Built one azure resource manager that provides fine grained access. Management of azure resource is, as there are back, makes life easier
01:07
to use the principle of at least privileged access.
01:11
Charles Barkley.
01:11
He was famous for saying he is not a role model.
01:15
He didn't want kids Look up to him.
01:17
He's an honor role model.
01:19
You know what is a role no,
01:22
as a or back as a or back.
01:25
They have models of roles that you wonder if users to use.
01:29
So where is Charles Barkley? Not a role model? And Rohrback? Yes, definitely. Role models
01:34
worsen things you can do
01:36
with as or back.
01:38
You can allow a user to manage virtual machines and a subscription, and another demands virtual networks.
01:44
You can allow Deviate Group to manage sequel databases and a certain subscription.
01:49
You can allow the user to manners. All resource is in a resource. Stories.
01:52
You can allow an application, access all resources, and you can use as a or back for users for groups as well as application access
02:04
are back rolls on this.
02:06
As Rohrback uses, role is on its to control access.
02:08
Rose on has made a three key elements
02:13
security principal role. Definition scope.
02:15
Security Principle is an object that represents a user group, service principle or managed identity as requested access to resources and azure.
02:25
The user is an individual who has a profound as radi.
02:30
You can also assign roles to users and other tenants.
02:34
Group. A set of users created in as radi
02:38
service principle,
02:38
a security identity used by applications or services to access specific
02:45
as a resource is, think of it as a user identity for an application,
02:50
managed identity
02:52
and identity. And as Brady that's automatically manage. Lazar
02:55
typically managed identities air used with developing cloud applications to major credentials for authenticating to services.
03:04
Role definition.
03:05
It's a collection of permissions.
03:07
Typically, this is called a role.
03:09
A role definition. List. The operations that can be performed.
03:14
What read, write do it
03:16
Rose could be high level like owner or very specific, like a partial machine reader,
03:23
as your includes several building roles that we can use
03:29
some of those roles.
03:30
Owner contributor Raider User access at man
03:34
scope is a set of resource is that the access applies to
03:38
it's the what?
03:40
What do you have a role to control
03:44
When you sign a role, you can father limit the actions
03:47
by the fire in the skirt
03:50
and as your you can specify scope of multiple levels.
03:53
A national group
03:54
situation, resource group, or resource is
03:59
scopes are structured in a parent child relationship.
04:03
Now to exponentially confuse everyone,
04:06
let's look at as Rohrback roles and classic azar 80 administrator roles.
04:14
If it's little stocking cost for it was confusing.
04:16
Yeah, kind of
04:18
from the classic
04:19
subscription administrator roles.
04:21
Can't a man service at me and cut that man? Those were three classic subscription and managerial roles. In Asher.
04:29
There's classic subscription at men's At full access to our subscriptions
04:33
as a rolls
04:35
is the level above that as a rose. The authorizations Remember as her or back? We just talked about it.
04:42
So it's a more refined,
04:45
more detailed and grandeur
04:46
over the whole as your environment
04:49
as Ray D. Rose. That's a subset within Azure. Remember, as Brady is only a small service with an azure as a whole.
04:59
So as a radi rolls, those are the ones that you're probably most familiar with as a relation in that straight 65 global admin at Batman Building at Man,
05:10
those are Andy has Radi 10
05:15
by default as ER and as your 80 rolls do not overlap
05:19
as the global have make and elevate permissions to manage as your A D as a user access admin role
05:27
as your A D and office 3 65 Global Ammons do not have access to as a resource is
05:34
remember azure as a whole was much bigger than just azure 80.
05:39
As Ray D. Is a subset
05:42
of the services that you find within Asher
05:46
to configure, as there are back,
05:49
you could be permission and asked my yourself authorization role assigned that
05:55
role assignments. Dooley.
05:57
User access at man and owner As roles include those
06:00
use the
06:02
access control Azra blade in your eyes or subscription to configure or back roads.
06:09
Here we're actually and access control blade within. After with an as description,
06:14
we see where we have Rolla Sina Weaken do at a role assignment,
06:16
war Echo Administrator, which isn't on the classic role assignments or add a custom role, but we define
06:26
so we're gonna go to roll assignment.
06:28
And here we have the priest alighted roles
06:30
the canned
06:32
out of the box and there are back rolls.
06:34
This one we're into, Reader,
06:38
we're gonna sign access to a user. We have the user down there we've selected,
06:44
and this will add that users who the reader are back role.
06:47
We also can go in and look at the pretty define or custom
06:54
are the rules.
06:56
In this example, we went into the security admin
06:59
and Malouda permissions, So this is a type.
07:02
So this is a list of the permissions
07:05
that make up
07:08
the security admin role.
07:11
Yeah, we'll get analytics partial management
07:14
one down. The worst
07:15
really fine grained stuff
07:18
or about usage is monitored and audited.
07:23
It's in the azure activity log.
07:26
The actions monitored Role Assignment Creator rolled the leader role at a role. Custom role definition.
07:33
Great at a do it. All of those are assigned
07:36
here. We can see an example of an activity law where a role was created
07:42
and it was assigned.
07:45
When we click on the actual
07:47
event. For more information, we could see additional details.
07:53
Time stamps,
07:56
scope, roll everything
08:01
Quis role assignment is made of which three elements
08:07
security, principal role policy, scope,
08:09
security, principal role definition scope
08:13
are back. Principal role definition
08:15
parameter
08:16
or about principal role policy. Scope.
08:20
This was kind of struck me. I'll give you a little bit of time for
08:24
so a B, C or D. Which one is it?
08:31
If you said B, you're correct,
08:35
you win a virtual star
08:37
one. The virtual board
08:39
that is next to your name as an outstanding student
08:43
security principal role definition s scope. Those or three elements that make up a role assignment
08:52
to recap. Today's lesson,
08:54
as there are back, is an authorization system
08:56
bill on Azure resource manager that provides fine grain access. Management of Azure resource is
09:03
role assignments are comprised of security principle,
09:07
role definition and scope.
09:09
The answer. Activity log logic to monitor
09:13
and log as Rohrback activities.
09:16
Thank you for joining me. I hope to see you for the next video.
09:18
Take care.
Up Next
MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By