PaaS that allow access policy

Prasad, Rakesh 221 Reputation points
2022-08-26T05:13:25.367+00:00

hi,

I have noticed that, giving access at RG level doesnt always translate to giving access to sub-resource level.

e.g. In case of KeyVault, i have to give user/sp/app access at resource level too by going inside KV >> Access Policies.

I am wondering which all PaaS components act in similar way? i can think of SQL server as one of them

can someone help me with this?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,113 questions
Azure SQL Database
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,683 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Bjoern Peters 8,781 Reputation points
    2022-08-26T11:41:23.56+00:00

    No, I can't provide you with such a list, just want to do some remarks.

    You have to understand the differences...

    at the resource group level, you administer the services in Azure itself, who can deploy services in that rg, who can manage those deployed services, make changes to the service configuration, and who is allowed to deploy a new SQL server (eventually cost impact)

    at the service level (kv, SQL server...), you are setting up security IN the service itself, e.g., in a key vault... who is allowed to create secrets, who are allowed only to read secrets or on a SQL server... who is allowed to create new databases, you can create new users and set roles for those new users.

    So you will find many services in Azure where you have to make this "two-level security approach."

    0 comments No comments