Configuring RBAC usage in Azure Key Vault

  1. Home
  2. Configuring RBAC usage in Azure Key Vault

Go back to AZ-500 Tutorials

In this tutorial, we will learn and understand about the RBAC management plane in Azure key Vault.

However, in the management plane, you use Azure role-based access control (Azure RBAC) for authorizing the operations a caller can execute. Similarly, in the RBAC model, each Azure subscription has an instance of Azure AD. In this, you grant access to users, groups, and applications from this directory. Further, access is granted for managing resources in the Azure subscription that uses the Azure Resource Manager deployment model. For granting access, use the Azure portal, the Azure CLI, Azure PowerShell, or the Azure Resource Manager REST APIs.

Next, you create a key vault in a resource group and manage access by using Azure AD. Then, you grant users or groups the ability for managing the key vaults in a resource group. Moreover, you can also grant the access at a specific scope level by assigning appropriate Azure roles. For granting access to a user for managing key vaults, you assign a predefined key vault Contributor role to the user at a specific scope. 

AZ-500 practice tests

The scopes levels below can be assigned to an Azure role:

  • Firstly, Subscription. This means that an Azure role that assigns at the subscription level applies to all resource groups and resources within that subscription.
  • Secondly, the Resource group. This means an Azure role that assigns at the resource group level applies to all resources in that resource group.
  • Lastly, Specific resource. An Azure role that assigns for a specific resource applies to that resource. However, in this case, the resource is a specific key vault.

Azure built-in roles

Azure role-based access control (Azure RBAC) consists of various Azure built-in roles that you can assign to users, groups, service principals, and managed identities. However, the role assignments are the way you control access to Azure resources. And, if the built-in roles don’t meet the specific needs of your organization, then you can create your own Azure custom roles.

AZ-500 online course RBAC usage in Azure key vault concept

Reference: Microsoft Documentation

Go back to AZ-500 Tutorials

Menu