Azure ABAC
Last updated:
AZUREGOVERNANCE
Part of [[202404051739 Governance Overview|azure governance]] Attribute based access control
Why?
- [[202404061249 Azure RBAC|RBAC]] may not be granular enough or we start to hit [[202404061249 Azure RBAC#Limits]]
- Adds conditions to roles assignments based on attributes of resources and principal accessing
Where
Currently restricted to roles that have blob storage or queue storage data actions.
How to assign conditions
- On user level, we could create and add custom attributes for users in [[202404011327 Entra ID|“Entra ID”]]
- In the role (in-built or custom) you can add a condition