Azurecloud~30 mins

Role-Based Access Control (RBAC) in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Role-Based Access Control (RBAC) in Azure

📖 Scenario: You are managing access to resources in an Azure subscription for a small team. You want to control who can do what by assigning roles to users.

🎯 Goal: Build a simple Azure RBAC setup by creating a resource group, defining a role assignment, and assigning a user to that role.

📋 What You'll Learn

Create a resource group named MyResourceGroup in the eastus region

Define a role assignment variable for the Reader role

Assign the Reader role to a user with the object ID 12345678-1234-1234-1234-123456789abc

Complete the role assignment configuration referencing the resource group and user

💡 Why This Matters

🌍 Real World

Controlling who can access and manage Azure resources is essential for security and compliance in any organization.

💼 Career

Understanding RBAC is a key skill for cloud administrators, security engineers, and DevOps professionals managing Azure environments.

Progress0 / 4 steps

Create an Azure resource group

Write an Azure CLI command to create a resource group named MyResourceGroup in the eastus region. Use the command az group create with the parameters --name MyResourceGroup and --location eastus.

Azure

# Your Azure CLI command here to create the resource group

Need a hint?

Use az group create --name MyResourceGroup --location eastus to create the resource group.

Define the Reader role assignment variable

Create a variable called readerRole and set it to the built-in Azure role ID for the Reader role: acdd72a7-3385-48ef-bd42-f606fba81ae7.

Azure

az group create --name MyResourceGroup --location eastus
# Define the readerRole variable with the Reader role ID

Need a hint?

Assign the Reader role ID string to the variable readerRole.

Assign the Reader role to a user

Create a variable called userObjectId and set it to the user object ID 12345678-1234-1234-1234-123456789abc. Then write an Azure CLI command to assign the readerRole to this user for the resource group MyResourceGroup. Use az role assignment create with parameters --assignee-object-id, --role, and --scope.

Azure

az group create --name MyResourceGroup --location eastus
readerRole="acdd72a7-3385-48ef-bd42-f606fba81ae7"
# Define userObjectId and assign the Reader role to the user

Need a hint?

Use az role assignment create --assignee-object-id $userObjectId --role $readerRole --scope /subscriptions/$(az account show --query id -o tsv)/resourceGroups/MyResourceGroup.

Complete the role assignment configuration

Add a command to verify the role assignment by listing role assignments for the resource group MyResourceGroup. Use az role assignment list with the parameter --scope set to the resource group path.

Azure

az group create --name MyResourceGroup --location eastus
readerRole="acdd72a7-3385-48ef-bd42-f606fba81ae7"
userObjectId="12345678-1234-1234-1234-123456789abc"
az role assignment create --assignee-object-id $userObjectId --role $readerRole --scope /subscriptions/$(az account show --query id -o tsv)/resourceGroups/MyResourceGroup
# Verify the role assignment

Need a hint?

Use az role assignment list --scope /subscriptions/$(az account show --query id -o tsv)/resourceGroups/MyResourceGroup to see the assignments.