Session5 C Subscription, Resource
Group and Resource RBAC
UT-Kloud
Introduction
Hi everyone, let’s get started! Can you confirm if my screen is visible and if you can hear me well? Great!
Before we move ahead, does anyone have any doubts or questions? Feel free to ask anything.
Questions and Answers
Question 1: Can you please explain the resource group again?
Question 2: The active directory you showed doesn’t look like the normal activity we usually use. Can you
explain?
Question 3: What do you mean by granular access level?
Okay, let’s address these questions one by one. First, let’s start with the concept of access and granular a
ccess level.
Access and Granular Access Level
Access or granular access level refers to the level of control and permissions that users have over resour
ces in a system. It allows users to have specific permissions and access to only the resources they need,
rather than giving them full access to everything.
To understand this better, let’s look at the diagram below:
Diagram
In the diagram, the red layer represents the cloud, and the green box represents a tenant. A tenant is a lo
gical group of users, resources, and services within a cloud environment. Each tenant has a unique name
, which can be customized to match a company’s domain.
Within a tenant, there can be multiple subscriptions. In this case, we have three subscriptions: a free trial,
a pay-as-you-go subscription, and another subscription named "C". However, for our example, let’s focus
on the free trial subscription.
Under the free trial subscription, we have resource groups. A resource group is a logical container that hol
ds related resources. In this case, we have two resource groups: "Legal" and "Pay App". Each resource g
roup can contain multiple resources.
Now, to answer the question about being a part of multiple resource groups, the answer is yes. As a user,
you can be a part of multiple resource groups within a subscription. However, it’s important to note that a
resource group is not a person, but rather a container for resources.
I hope this clarifies the concept of access and resource groups. If you have any further questions, please f
eel free to ask.
Future Infrastructure Diagram
Currently, our infrastructure diagram represents the current state of our system. However, in the future, w
e may have additional components.
Users
We have three types of users:
Sohail - A trainer who needs access to all resources and resource groups.
Legal User 1 - A member of the legal team who only needs access to the legal resource group.
Pay App User 1 - A member of the Pay App team who only needs access to the Pay App resource group.
Adding Users to Azure Active Directory
The first step for all three users is to add them to Azure Active Directory. Without being added to the direc
tory, they cannot be granted access to any subscriptions or resource groups.
Group and Resource RBAC
UT-Kloud
Introduction
Hi everyone, let’s get started! Can you confirm if my screen is visible and if you can hear me well? Great!
Before we move ahead, does anyone have any doubts or questions? Feel free to ask anything.
Questions and Answers
Question 1: Can you please explain the resource group again?
Question 2: The active directory you showed doesn’t look like the normal activity we usually use. Can you
explain?
Question 3: What do you mean by granular access level?
Okay, let’s address these questions one by one. First, let’s start with the concept of access and granular a
ccess level.
Access and Granular Access Level
Access or granular access level refers to the level of control and permissions that users have over resour
ces in a system. It allows users to have specific permissions and access to only the resources they need,
rather than giving them full access to everything.
To understand this better, let’s look at the diagram below:
Diagram
In the diagram, the red layer represents the cloud, and the green box represents a tenant. A tenant is a lo
gical group of users, resources, and services within a cloud environment. Each tenant has a unique name
, which can be customized to match a company’s domain.
Within a tenant, there can be multiple subscriptions. In this case, we have three subscriptions: a free trial,
a pay-as-you-go subscription, and another subscription named "C". However, for our example, let’s focus
on the free trial subscription.
Under the free trial subscription, we have resource groups. A resource group is a logical container that hol
ds related resources. In this case, we have two resource groups: "Legal" and "Pay App". Each resource g
roup can contain multiple resources.
Now, to answer the question about being a part of multiple resource groups, the answer is yes. As a user,
you can be a part of multiple resource groups within a subscription. However, it’s important to note that a
resource group is not a person, but rather a container for resources.
I hope this clarifies the concept of access and resource groups. If you have any further questions, please f
eel free to ask.
Future Infrastructure Diagram
Currently, our infrastructure diagram represents the current state of our system. However, in the future, w
e may have additional components.
Users
We have three types of users:
Sohail - A trainer who needs access to all resources and resource groups.
Legal User 1 - A member of the legal team who only needs access to the legal resource group.
Pay App User 1 - A member of the Pay App team who only needs access to the Pay App resource group.
Adding Users to Azure Active Directory
The first step for all three users is to add them to Azure Active Directory. Without being added to the direc
tory, they cannot be granted access to any subscriptions or resource groups.
