Role-Based Access Control

Time: 22 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 24
Video Transcription
00:00
>> Hello everyone and welcome to this lecture. In this lecture we're going to be talking about role-based access control and what this means for you and Azure AD. The learning objectives are going to be to understand what RBAC is, or role-based access control, that at a high level, fundamental level, and then how it applies within Azure. Then we're going to dive into the differences between Azure roles and Azure AD roles, which is a little confusing, but hopefully by the end of this lecture you'll understand the difference.

Role-based access control is essentially how we classify users and groups of users to only have access to particular resources. This is the whole idea behind least privilege and separation of duties. With least privilege what we're trying to do is restrict a user to only have access to the things that they need in order to do their job. The reason why we want to do this is because accidents happen and they may end up dabbling up to something that they don't know that they shouldn't be dabbling into and something bad could happen. We could have data leakage, a virus could be let in unnecessarily, and malware could go and spread across the network, bad things can happen. What we're trying to do is limit the blast radius for bad things happening.

When we're talking about separation of duties, it's similar but different. What we're trying to do here is say that Joe, who works in marketing, is going to have access to only the marketing resources and Jill, who works in accounting, is going to have only the things that she needs to have over on accounting. They're going to be different. There should not be a crossover, they're separate because of their duties. Their duties are different. With role-based access control, we can silo these individuals to only the resources that they need access to based on their duties.

When it comes to Azure, the Azure Resource Manager is the control plane for all the Azure resources that you're going to be working with in the Azure Cloud. It is essentially a bucket that you're going to be categorizing everything. Your VMs, your networks, your blobs, all that stuff, is going to fall within an Azure Resource Management Group, and you're going to be using the Azure Resource Manager to handle all of that. You can do this through various means like the CLI and the PowerShell, and we'll get into this later on. But the role-based access control is critical to how users interact with the Azure Resource Manager and in turn, the resources, the actual web apps and the actual VMs and what have you, whatever you're going to be building in the cloud, that's going to fall within that Azure Resource Manager. RBAC control is going to protect the organization and the users that are working with those resources.

Now the differences between Azure roles and Azure AD roles. Now, I found this funny when I was learning about this because why would they name them so similarly? It just boggles my mind. But the difference here is the AD and I know that's like a [inaudible], it stands out, obviously the name is different. But there is actually a difference in what these two different roles do. Azure roles are going to be used to manage the cloud resources within the resource manager, and Azure AD roles are going to be used to manage the user accounts and the access that these user accounts are going to have to things. We use RBAC to manage Azure service resources, the things that we were talking about earlier, VMs and VNets and what have you. But we also use RBAC to manage user and administrator accounts as well. There are two different ways of looking at it. You can manage two different environments, you can manage the Azure AD environments, that ecosystem or you can manage the Azure services environment as well. RBAC does play a role in both situations, so you do have that opportunity.

All right everybody, this was a short one. But to summarize real quick, we covered what RBAC is at a high level and how it can be used in Azure. We also covered a difference between Azure roles and Azure AD roles, and did a little comparison there. I hope this was helpful. The next step on this course, you're actually going to be diving into a lab where you're going to have the opportunity to create a role and you're going to have the opportunity to begin working with some RBAC type principles. I hope you guys have fun with that. If you have questions, feel free to reach out. If not, I'll see you in the next module.