8 hours 33 minutes
Hello, Cybrarians. Welcome to this demonstration on Azure Key Vault.
This demonstration is part of the AZ-500 Microsoft Azure Security Technologies course.
Quick information on the activities that we'll be completing in this demonstration.
We'll start by first configuring role-based access control for Azure Key Vault.
We'll then configure an access policy for Azure Key Vault,
and finally we'll verify both role-based access control and access policy. Let's get right into this.
In the first task of this demonstration, I'll configure role-based access control for Azure Key Vault,
and here's a visual representation of what I'll be doing.
I have a key vault called Super Clouds KV.
I have a secret stored in it called Secret Password.
In the first task, I'll grant management plane access to the Azure AD user called Brenda so that she can view and manage the vault and also view usage information.
So here I am in the Azure portal.
If I go ahead and click on the key vault that I created here,
within the key vault we have Access control.
If I go ahead and click on Access control,
and if I go ahead and click on Role assignments to view existing role assignments, you can see that only the user David has management plane access to this key vault.
So what I'll do is I'll go ahead and click on Add,
and I'll click on Add role assignment,
and I'll select the Key Vault Contributor role,
and I'll assign this to the user Brenda, and I'll go ahead and click Save.
And now that that is saved, we can see that Brenda now has Key Vault Contributor management plane access to this key vault.
So in the next task of this demonstration,
I'll configure an access policy for Azure Key Vault, and here is a visual representation of what I'll be doing. I'll grant data plane access to the Azure AD user called John so that John can view secrets in the key vault. I'll be configuring the access policy
to allow the get and list operations for secrets in the key vault.
So here I am, back in the Azure portal, and I'm under the key vault that I have.
Now on the left-hand side, we can see Access policies here, so that's where we grant data plane access. If I go ahead and click on Access policies,
I can see that only the user David currently has data plane access to this key vault. So if I go ahead and click on Add access policy,
now to select the permissions that I want, I can go ahead and configure this using a template, or I can specify the permissions by myself. So what I'll do is I'll be specifying only access to secrets. And I will be specifying Get and List operations only.
For the principal, I'll go ahead and click on the option to select the principal,
and I'll go ahead and search for my user, John,
and I have John's account here. If I go ahead and select John
and I go ahead and click on Select,
now, if I go ahead and click on Add,
now it's added that, but it's not yet completed. Do not forget to click on the Save option here. But before I click on the Save option, I just want to mention a few things. So remember, we were reviewing Azure Key Vault in the last lesson, about advanced access policy.
And this is where we can configure those three use cases that we discussed.
I'll go ahead and just click Save on this, and once that is saved, John now has data plane access to view secrets in this key vault.
And in the final task of this demonstration, I'll verify both the role-based access control and access policy that we configured,
and here is a visual representation of what I'll be doing.
I'll verify that Brenda can view vault information using management plane access. However, Brenda should not be able to view any secret within the key vault. I'll also verify that John can view secrets in the key vault, but John should not be able to view
information about the key vault properties.
So here I am, back in the Azure portal. This time around, I'm logged in as Brenda on this browser tab and I'm logged in as John on another browser tab over here.
So let's verify if Brenda can view the key vault management plane.
If I go ahead and click on subscriptions,
we can see that Brenda can view the subscription, and Brenda has resource access. So if I go ahead and click on the subscription
and I go ahead and select resources
now, Brenda can only view the resource that she has permissions to. So if I go ahead and select that resource,
and if I go ahead and click on Properties, you can see that Brenda can view the properties of this key vault. If I go ahead and click on Access policies, you can see that Brenda can review and even modify the access policy for this key vault because the permission that we granted allows her to do that.
However, if I go ahead and click on Secrets,
we get a message that says Brenda is not authorized to view secrets. So that looks to be working.
We have true role separation: management plane access only, without data plane level access.
So let's go to confirm the same thing on the side of John. So here I am in a shell window, logged in as John.
To verify that John can access the data plane and view secrets in the key vault, I'll be using the command line and I'll be running this command:
`az keyvault secret show`,
the name of the secret that I have, which is called Secret Password,
and the name of the key vault. So if I go ahead and run that,
you can see that John can retrieve the value of this secret within the key vault.
However, if I switch over to the Azure portal,
and I'm currently on the subscriptions, if I go ahead and refresh that,
John cannot even view any subscription because John doesn't have management level access to any resource in Azure.
So here's a summary of the activities that we completed in this demonstration.
We started by configuring role-based access control for your key vault.
We then configured an access policy for your key vault,
and finally we verified the role-based access control and access policy that we configured for the two users that we tested with.
Thanks very much for watching and I'll see you in the next lesson.