Let’s get to know about Azure Active Directory — II

Tharaka Madhusanka
4 min read · May 10, 2020

In an organization, the employee hierarchy plays a vital role: it defines how the organization is structured, it predefines the role of each employee within that structure, and it sets the nature of the relationships employees have with each other. It defines the responsibilities and permissions of each employee, and what each role can and cannot do. The same concept is applied to cloud services.

So in this article I expect to discuss the different roles introduced in Azure Active Directory (AAD). Instead of jumping directly into AAD roles, I thought to briefly discuss the other kinds of roles in Azure as well.

There are many different services in Azure, and a service can be considered a collection of features, so there has to be a way to decide ‘which features for which users’. This is where ‘roles’ come into the picture.

So let’s dig deeper into these ‘roles’.

Q1. What are the categories of roles in Azure Environment?

There are mainly three categories of roles in Azure:

  • Classic subscription administrator roles
  • Azure roles (RBAC Roles)
  • Azure Active Directory roles

In the early days of Azure, Microsoft introduced the classic subscription administrator roles. Later Microsoft introduced the Role-Based Access Control (RBAC) model, and with it the Azure roles. Both the classic subscription administrator roles and the Azure RBAC roles relate to Azure billing and subscriptions. These users are authorized to manage the services in the Azure portal, so these administrators can be called ‘Subscription Administrators’.

Next there is a separate set of administrators, the ‘Active Directory Administrators’, who manage the services inside Azure Active Directory.

The following illustration shows the main categories and fundamental roles in Azure.

Azure roles hierarchy

Q2. Differentiate Azure Subscription Administrator and Active Directory Administrator.

  • Azure Subscription Administrator — These users are authorized to manage the services in the Azure portal. They are scoped to a particular subscription and are not related to Azure Active Directory roles. They can manage resources using the Azure portal, the Azure Resource Manager APIs, and the classic deployment model APIs.
  • Azure Active Directory Administrator — These roles exist inside Azure Active Directory and are authorized to manage the services inside the directory, such as managing users, groups, etc.

Q3. What are the roles in Azure Classic Subscription?

Classic Subscription Roles

Q4. What are the Azure (RBAC) roles?

Azure Roles

Q5. What are the Azure Active Directory Roles (AAD Roles)?

AAD Roles

Q6. Compare Azure Roles & Azure Active Directory Roles.

Source — Microsoft

Q7. Can ‘Global admin manage Azure Subscriptions and Management Groups’?

By default, the Global Administrator doesn’t have access to Azure resources. However, if a Global Administrator elevates their access by choosing the Global admin can manage Azure Subscriptions and Management Groups switch in the Azure portal, the Global Administrator will be granted the User Access Administrator role (an Azure role) on all subscriptions for a particular tenant.
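Because the elevation above grants an Azure role (User Access Administrator) that is inherited by every subscription in the tenant, it is worth checking periodically that it was switched back off once the task that needed it was done. The following is an added example, not code from the original article or from Microsoft: it classifies Azure RBAC scope strings by hierarchy level and flags root-scope User Access Administrator assignments in a list of role-assignment records. The record field names (`principalName`, `principalType`, `roleDefinitionName`, `scope`) are assumed to match the JSON that `az role assignment list` prints; the sample data is constructed.

```python
"""Detect leftover elevated access (root-scope User Access Administrator)
in Azure RBAC role assignments.

Added example; the record shape is assumed to match `az role assignment list`
JSON output, and the sample assignments below are constructed.
"""
import json

# Constructed sample in the assumed shape of `az role assignment list -o json`.
SAMPLE_ASSIGNMENTS_JSON = """
[
  {"principalName": "alice@contoso.example", "principalType": "User",
   "roleDefinitionName": "User Access Administrator", "scope": "/"},
  {"principalName": "ops-team", "principalType": "Group",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalName": "bob@contoso.example", "principalType": "User",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-web"}
]
"""

ROOT_SCOPE = "/"                          # tenant root; inherited by everything below
ELEVATED_ROLE = "User Access Administrator"


def load_assignments(raw: str = SAMPLE_ASSIGNMENTS_JSON) -> list:
    """Parse the JSON list of role-assignment records."""
    return json.loads(raw)


def scope_level(scope: str) -> str:
    """Classify an Azure RBAC scope string by where it sits in the hierarchy."""
    if scope == ROOT_SCOPE:
        return "tenant root"
    parts = [p for p in scope.split("/") if p]
    if parts[:2] == ["providers", "Microsoft.Management"]:
        return "management group"
    if not parts or parts[0] != "subscriptions":
        return "unknown"
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resource group"
    return "resource"


def find_root_scope_assignments(assignments: list) -> list:
    """Return assignments made at the tenant root; these apply to every subscription."""
    return [a for a in assignments if a.get("scope") == ROOT_SCOPE]


def find_elevated_access(assignments: list) -> list:
    """Return (principalName, principalType) for root-scope User Access Administrators.

    A root-scope User Access Administrator can assign any Azure role on any
    subscription, so each such assignment should be intentional and temporary.
    """
    return [(a["principalName"], a["principalType"])
            for a in find_root_scope_assignments(assignments)
            if a.get("roleDefinitionName") == ELEVATED_ROLE]


def summarize(assignments: list) -> dict:
    """Count assignments per hierarchy level, for a quick overview."""
    counts = {}
    for a in assignments:
        level = scope_level(a.get("scope", ""))
        counts[level] = counts.get(level, 0) + 1
    return counts


def main():
    assignments = load_assignments()
    for name, kind in find_elevated_access(assignments):
        print(f"elevated access still active: {kind} {name} holds "
              f"'{ELEVATED_ROLE}' at scope '/'")
    print("assignments per scope level:", summarize(assignments))


if __name__ == "__main__":
    main()
```

On a real tenant the input would come from the CLI output rather than the embedded sample; any principal the script reports should be traced back to the person who toggled the switch and, if the work is finished, the root-scope assignment should be removed.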

Enable Global Subscription Access

So guys, that’s all regarding AAD roles and Azure roles. The aim here was to discuss AAD roles and the concepts around them. As a final note, I have to say:

Do NOT blend Azure roles & Azure Active Directory roles

Readers, if you gained something, clap, comment and share. I really value your comments, so ask if you have any questions and correct me if I am wrong on something. In the next article I hope to discuss how to create AAD in the Azure portal and the architecture behind it. So keep in touch. Until then,

Let’s Learn…

References

1. https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles?context=azure/active-directory/users-groups-roles/context/ugr-context

2. https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

3. https://blog.nillsf.com/index.php/2019/09/29/how-to-allow-users-to-create-service-principals-and-the-impact-on-managed-identity/
