Hello Everybody,

Hope you all are doing good !!! 🙂 .

In our last article we have discussed how to secure our storage account using Shared Access Signature (SAS) With Stored Access Policy. Today in this article we will discuss how to secure our Storage account using Azure role-based access control (Azure RBAC).

Previous Azure series :

1. Learn Basics Of Azure Networking In 60 Hours
2. Learn Basic Of Azure Active Directory And Azure Identity And Access Management
3. Azure DevOps – Learn at one place

If you have missed our previous articles on Azure Storage and Database Series, please check it in following links.

Part 1 – Overview Of Azure Storage and Database

Part 2 – Azure Storage Account

Part 3 – Azure Blob Storage

Part 4 – Work With Azure Blob Storage

Part 5 – Storage Explorer For Azure Storage

Part 6 – Azure Blob Storage – Snapshot Using Storage Explorer

Part 7 – Azure Blob Storage – Shared Access Signature (SAS)

Part 8 – Secure Azure Storage Using Stored Access Policy

Next Article : Part 10 – Configure Stored Access Policy Using PowerShell

Role Based Access Control (RBAC) :

Azure role-based access control (Azure RBAC) is a system that provides fine-grained access management of Azure resources. Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. If you want to learn more about RBAC, check our following articles

1. Part 39 – Azure Role-Based Access Control(RBAC) 1 – Overview
2. Part 40 – Azure Role-Based Access Control(RBAC) 2 – Configure Custom RBAC Role Using Azure portal
3. Part 41 – Azure Role-Based Access Control(RBAC) 3 – Configure Custom RBAC Role Using Power Shell

Use Case:

We have 3 different Storage Accounts exists for different purpose in our subscription as showing in the following figure.

Recently one new employee (Uday Joshiia) joined our team and he want access to one of the storage account (kj21storageacount) to perform his task. As we can see in the following figure there is no access to any of the storage account for him . Now we need to give access to only one account (kj21storageacount). Lets go through the following steps to provide him the access using Azure role-based access control (Azure RBAC).

Step 1 – Let’s log-in to our Azure Portal and navigate to storage accounts. Then, select the storage account (kj21storageacount) as showing in the following figure.

Step 2 – As showing in the following figure navigate to Access control (IAM) => click the Role assignments tab add a new role.

Step 3 – From Role Assignments tab, click +Add button to open “Add role assignment” blade.

Step 4 – In “Add role assignment” blade, select the role to assign to the Azure AD identity (in our case it’s the user), then search for the user (Uday@manasmoharanagmail.onmicrosoft.com) to whom we want to assign the role and select it as showing in the following figures.

1. Role: Storage Account Contributor.
2. Assign access to: Azure AD user, group, or service principal
3. Select: Search a specific user ( Uday@manasmoharanagmail.onmicrosoft.com ) and select it.

Once we select user, it will be visible under Selected members. We can add as many users or groups if there is any requirement. Click on Save button to add the role assignment.

Once done. Navigate to Access control (IAM) -> Role assignments, and we can see that now Uday has now Storage Account Contributor role to kj21storageacount storage account.

Step 5 – As we saw in the above figure, Uday has sufficient access rights to work on the required storage account. Let’s check again if Uday can see the storage account by log-in to the portal.

Now we can see that Uday has access to storage account as well as all its contains.

I hope this is informative to you. Please let me know if I missed anything important or if my understanding is not up to the mark.

Next Article : Part 10 – Configure Stored Access Policy Using PowerShell

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles.

Thanks for reading 🙂 .