THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

John Paul Cook

In The Cloud: Owner Role and Security Administration

Azure uses Role Based Access Control (RBAC), which is something people generally don’t pay at lot of attention to when initially learning how to use the Azure portal. Take a close look at the screen capture shown below. The Delete button is disabled. There are definitely times you want to protect Azure resources from accidental deletion. That’s just basic good governance.

image

Figure 1. Delete button disabled for a Data Catalog resource.

The reason that the Delete button is disabled can be understood by going to subscription management.

image

Figure 2. In the Azure portal, click the arrow to show more services, then select Subscriptions.

image

Figure 3. Notice that I was in the User Access Administrator role which doesn’t have delete privilege.

The individual vertical sections in the Azure portal are called blades. Clicking the Add button causes the Add Permissions blade to appear. You need to select a role and then select the member(s) to add to the role.

image

Figure 4. The Add Permissions blade before selecting member(s) to add to the role.

image

Figure 5. The Add Permissions blade after selecting member(s). Click Save to make the RBAC change.

image

Figure 6. Notice that the Delete button is now enabled. It doesn’t immediately perform the deletion. It prompts you to make sure.

image

Figure 7. Prompt to make sure you really want to do this. Notice that the Delete button is disabled at this point.

Typing the resource group name is a pain. I always move the mouse over the resource group name in the warning, double-click, copy, and paste.

image

Figure 8. Use copy and paste to simplify the deletion process.

image

Figure 9. The Delete button is enabled after entering it into the box.

image

Figure 10. Deletion in progress.

Published Saturday, May 20, 2017 1:34 AM by John Paul Cook
Filed under: ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

No Comments

Leave a Comment

(required) 
(required) 
Submit

About John Paul Cook

John Paul Cook is a database and Azure specialist in Houston. He previously worked as a Data Platform Solution Architect in Microsoft's Houston office. Prior to joining Microsoft, he was a SQL Server MVP. He is experienced in SQL Server and Oracle database application design, development, and implementation. He has spoken at many conferences including Microsoft TechEd and the SQL PASS Summit. He has worked in oil and gas, financial, manufacturing, and healthcare industries. John is also a Registered Nurse currently studying to be a psychiatric nurse practitioner. Contributing author to SQL Server MVP Deep Dives and SQL Server MVP Deep Dives Volume 2. Connect on LinkedIn

This Blog

Syndication

Archives

Privacy Statement