June 24, 26
Slide summary
Title slide: Azure / Microsoft ... 200 ... RBAC ... (the Japanese title text was lost in extraction)
YonaYona Infra Night / 2026.06.30
Self Introduction
Kazuyuki Sakemi
https://twitter.com/_skmkzyk
https://zenn.dev/skmkzyk
https://atbex.attokyo.co.jp/blog/001013001/
https://www.docswell.com/user/skmkzyk
Summary: #Microsoft and #Azure lover! Working at AEON Smart Technology Co., Ltd.
Agenda
01 Azure / Entra / EA roles
02 (slide text lost in extraction)
03 PIM
1. RBAC basics
Access = Principal (who: a user, group or service identity) + Role (what: a set of permissions) + Scope (where the role applies).
Examples of roles: Owner on one side; Reader / Data Reader on the other. The same principal can hold different roles at different scopes.
Source: Azure RBAC overview - Azure RBAC | Microsoft Learn
2. Azure RBAC
Azure has four fundamental built-in roles, and every other built-in role is narrower than one of these:
Owner: full access to all resources, including the right to assign roles to others.
Contributor: can create and manage all resources, but cannot assign roles.
Reader: can view resources, but not change them.
User Access Administrator: can manage user access to Azure resources (role assignments).
Source: Azure built-in roles - Azure RBAC | Microsoft Learn
3. Entra and Azure
Microsoft Entra roles and Azure roles are two different role systems: Entra roles govern the tenant (Entra ID, Microsoft 365, billing), Azure roles govern Azure resources. Global Administrator ≠ Owner.
Microsoft Entra roles: Global Administrator, User Administrator, Billing Administrator, ...
Azure roles: Owner, Contributor, Reader / Data Reader, ...
A Global Administrator has no access to Azure resources by default. Turning on "Access management for Azure resources" (elevate access) grants that Global Administrator the User Access Administrator role at root scope ("/"), from which any Azure role can be assigned in every subscription and management group of the tenant. Treat it as an emergency lever: the elevation is logged, and the root-scope User Access Administrator assignment should be removed again once the task is done.
Source: Access management for Azure resources (elevate access) - Microsoft Entra | Microsoft Learn

3. Entra and Azure: Global Administrator → (elevate access) → User Access Administrator at root scope
4. Actions and DataActions
Azure role definitions separate the control plane (Actions) from the data plane (DataActions).
Control plane / Actions: Reader / Contributor / Owner act on the resource itself (create it, configure it, change its SKU, ...).
Data plane / DataActions: Storage Blob Data Reader acts on the data held by the resource (the blobs).
Consequence: a principal with only Reader can see the storage account and list its containers, but cannot read blob contents, because Reader defines no DataActions. To read blobs through Azure RBAC the principal needs a data-plane role such as Storage Blob Data Reader.
Source: Azure RBAC overview - Azure RBAC | Microsoft Learn
4. Actions and DataActions: Reader vs Storage Blob Data Reader

Reader
  Actions:
    */read                                  Read control plane information for all Azure resources.
  NotActions:      none
  DataActions:     none
  NotDataActions:  none

Storage Blob Data Reader
  Actions:
    Microsoft.Storage/storageAccounts/blobServices/containers/read
                                            Return a container or a list of containers.
    Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action
                                            Returns a user delegation key for the Blob service.
  NotActions:      none
  DataActions:
    Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
                                            Return a blob or a list of blobs.
  NotDataActions:  none

Source: Azure built-in roles - Azure RBAC | Microsoft Learn
5. 200+ roles
Azure RBAC alone ships 200+ built-in roles, Microsoft Entra 100+. Further figures on the slide (Purview / EA, 65+, 100+ / 6, ID / Microsoft 365) lost their labels in extraction, as did the four-step approach ① to ④ for navigating them.
Source: Azure built-in roles | Microsoft Learn; Microsoft Purview; Microsoft Entra
5. 200+ roles: Foundry User and Contributor
Most of this slide's text was lost in extraction. It contrasts the Foundry User role with Contributor for an Azure AI Foundry resource / project and its agents, and makes the point that Contributor alone cannot manage resource locks: Contributor's NotActions exclude Microsoft.Authorization/*/Write and Microsoft.Authorization/*/Delete, which cover lock creation and deletion. Lock management therefore needs a separate role, whose definition the slide shows:

  Actions:
    Microsoft.Authorization/locks/read      Gets locks at the specified scope.
    Microsoft.Authorization/locks/write     Add locks at the specified scope.
    Microsoft.Authorization/locks/delete    Delete locks at the specified scope.
  NotActions:      none
  DataActions:     none
  NotDataActions:  none
6. PIM
Privileged Identity Management: privileged roles are held as eligible assignments instead of permanent ones, and are activated only when needed.
1 Eligible: the user holds the role but it is not active.
2 Activate: the user requests activation for a task.
3 Approve / MFA: activation can require an approver and MFA.
4 Expire: the activation ends after the configured duration and the role goes back to eligible.
Source: What is Privileged Identity Management? - Microsoft Entra ID Governance | Microsoft Learn
7. Best practices
01 Grant only the access a principal needs; do not hand out Owner by default.
02 (slide text lost in extraction)
03 Limit privileged accounts: Owner at most 3 per subscription, Global Administrator at most 5.
04 Keep 2 emergency access (break glass) accounts that are excluded from PIM and Conditional Access.
Source: Best practices for Azure RBAC | Microsoft Learn
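As an added example, not taken from the deck or from Microsoft, the following Python model shows how the pieces from slides 4, 5 and 7 fit together: Principal + Role + Scope, scope inheritance (including management group to subscription), wildcard matching of Actions, NotActions subtraction (why Contributor cannot write locks), the Actions vs DataActions split (why Reader and even Owner cannot read blob data), and a check against the "at most three subscription owners" recommendation. The role definitions copy the published built-in roles (Contributor's NotActions abridged to its Microsoft.Authorization entries); the scopes, principal names, management-group hierarchy and assignments are constructed for the example. Deny assignments and ABAC conditions, which real Azure also evaluates, are left out.

```python
"""Toy model of Azure RBAC access evaluation (added example, not from the deck).

Access = Principal + Role + Scope. A role definition lists Actions/NotActions
(control plane) and DataActions/NotDataActions (data plane); an assignment at
a scope is inherited by every child scope. Deny assignments and ABAC
conditions, which real Azure also evaluates, are deliberately left out.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple = ()
    not_actions: tuple = ()
    data_actions: tuple = ()
    not_data_actions: tuple = ()


# Built-in role definitions as published on Microsoft Learn. Contributor's
# NotActions are abridged to its Microsoft.Authorization entries.
READER = RoleDefinition("Reader", actions=("*/read",))
OWNER = RoleDefinition("Owner", actions=("*",))  # control plane only: no DataActions
CONTRIBUTOR = RoleDefinition(
    "Contributor",
    actions=("*",),
    not_actions=("Microsoft.Authorization/*/Delete",
                 "Microsoft.Authorization/*/Write",
                 "Microsoft.Authorization/elevateAccess/Action"),
)
STORAGE_BLOB_DATA_READER = RoleDefinition(
    "Storage Blob Data Reader",
    actions=("Microsoft.Storage/storageAccounts/blobServices/containers/read",
             "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"),
    data_actions=("Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",),
)


@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: RoleDefinition
    scope: str


# Constructed scopes and management-group hierarchy for the example.
MG = "/providers/Microsoft.Management/managementGroups/mg-root"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG = SUB + "/resourceGroups/rg-app"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/stapp"
CONTAINER = ACCOUNT + "/blobServices/default/containers/logs"
HIERARCHY = {SUB.lower(): MG.lower()}  # subscription -> parent management group


def scope_covers(assignment_scope, target_scope):
    """True if an assignment made at assignment_scope applies to target_scope."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    if t == a or t.startswith(a + "/"):
        return True  # root scope "/" becomes "" and covers everything
    # Management groups are not string prefixes of subscription scopes,
    # so walk the hierarchy upward from the subscription the target is in.
    parent = HIERARCHY.get(t.split("/resourcegroups/")[0].split("/providers/")[0])
    while parent:
        if parent == a:
            return True
        parent = HIERARCHY.get(parent)
    return False


def _matches(operation, patterns):
    """Azure action strings are case-insensitive and '*' spans '/' boundaries."""
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def role_permits(role, operation, data_plane=False):
    """Effective = Actions minus NotActions (or DataActions minus NotDataActions)."""
    allow = role.data_actions if data_plane else role.actions
    deny = role.not_data_actions if data_plane else role.not_actions
    return _matches(operation, allow) and not _matches(operation, deny)


def is_allowed(assignments, principal, operation, scope, data_plane=False):
    """Access is the union over every assignment naming the principal that covers the scope."""
    return any(a.principal == principal and scope_covers(a.scope, scope)
               and role_permits(a.role, operation, data_plane)
               for a in assignments)


MAX_SUBSCRIPTION_OWNERS = 3  # Azure RBAC best practice: at most three subscription owners


def owners_of_subscription(assignments, subscription):
    """Distinct principals holding Owner at the subscription, inherited ones included."""
    return {a.principal for a in assignments
            if a.role.name == "Owner" and scope_covers(a.scope, subscription)}


ASSIGNMENTS = [  # constructed
    RoleAssignment("alice", READER, SUB),
    RoleAssignment("bob", STORAGE_BLOB_DATA_READER, ACCOUNT),
    RoleAssignment("carol", OWNER, MG),
    RoleAssignment("dave", CONTRIBUTOR, RG),
    RoleAssignment("erin", OWNER, SUB),
    RoleAssignment("frank", OWNER, SUB),
    RoleAssignment("grace", OWNER, SUB),
]

CONTAINER_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/read"
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
LOCK_WRITE = "Microsoft.Authorization/locks/write"

if __name__ == "__main__":
    print("alice (Reader) lists containers  :", is_allowed(ASSIGNMENTS, "alice", CONTAINER_READ, CONTAINER))
    print("alice (Reader) reads blob data   :", is_allowed(ASSIGNMENTS, "alice", BLOB_READ, CONTAINER, data_plane=True))
    print("carol (Owner via MG) reads blobs :", is_allowed(ASSIGNMENTS, "carol", BLOB_READ, CONTAINER, data_plane=True))
    print("dave (Contributor) writes a lock :", is_allowed(ASSIGNMENTS, "dave", LOCK_WRITE, RG))
    owners = owners_of_subscription(ASSIGNMENTS, SUB)
    print(f"subscription owners: {sorted(owners)} (limit {MAX_SUBSCRIPTION_OWNERS})")
```

Running it shows the asymmetries the slides describe: alice's Reader role satisfies `*/read` for the control-plane container listing but has nothing in DataActions, so the blob read fails; carol's Owner role inherited from the management group grants every control-plane operation yet still no data-plane read; dave's Contributor role is stopped by the `Microsoft.Authorization/*/Write` NotAction when writing a lock; and the subscription has four distinct owners once carol's inherited assignment is counted, one more than the recommended maximum.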
Closing
(Japanese closing text lost in extraction; the slide refers back to the four points above and to the choice between Azure and Microsoft role systems.)