![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 70%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,194 questions
No, I can't provide you with such a list, just want to do some remarks.
You have to understand the differences...
at the resource group level, you administer the services in Azure itself, who can deploy services in that rg, who can manage those deployed services, make changes to the service configuration, and who is allowed to deploy a new SQL server (eventually cost impact)
at the service level (kv, SQL server...), you are setting up security IN the service itself, e.g., in a key vault... who is allowed to create secrets, who are allowed only to read secrets or on a SQL server... who is allowed to create new databases, you can create new users and set roles for those new users.
So you will find many services in Azure where you have to make this "two-level security approach."