Azure Stack RBAC is a built-in Azure Stack permission service which enables fine-grained access management for Azure Stack resources. The following basic built-in roles are available with Azure Stack:
- Owner: Has full access to all resources including the right to delegate access to others
- Contributor: Can create and manage all types of Azure Stack resources but cannot grant access to others
- Reader: Can view existing Azure Stack resources
RBAC can grant access to specific resources and configurations, for example network settings, without granting access to other resource settings. Custom permissions and access to specific operations can be granted to the persons and departments in charge.
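
The network-settings case above can be checked offline with a small model of role evaluation. This Python sketch is an added example, not Azure Stack's or this page's own code: the role name, principal, subscription ID and resource names are constructed, and the evaluator is a simplified model of `Actions`/`NotActions` matching in which an assignment applies to its scope and to everything below it.

```python
from fnmatch import fnmatchcase

# Constructed sample data: placeholder subscription ID, role name and principal.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
NETWORK_OPERATOR = {
    "Name": "Network Settings Operator (example)",
    "Actions": ["Microsoft.Network/*",
                "Microsoft.Resources/subscriptions/resourceGroups/read"],
    "NotActions": ["Microsoft.Network/*/delete"],
    "AssignableScopes": [SUB],
}
# The role is assigned on one resource group only.
ASSIGNMENTS = [{"principal": "netops@example.com", "role": NETWORK_OPERATOR,
                "scope": SUB + "/resourceGroups/rg-network"}]


def _matches(patterns, action):
    """Case-insensitive wildcard match of an operation against role patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _in_scope(scope, resource_id):
    """True if resource_id is the scope itself or a child of it."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")  # "/" stops rg-network matching rg-network2


def is_allowed(principal, action, resource_id, assignments=ASSIGNMENTS):
    """An action is allowed when some assignment covering the resource grants it
    in Actions and does not subtract it in NotActions (a subtraction, not a deny:
    another assignment may still grant the same action)."""
    for a in assignments:
        role = a["role"]
        if a["principal"] != principal or not _in_scope(a["scope"], resource_id):
            continue
        if not any(_in_scope(s, a["scope"]) for s in role["AssignableScopes"]):
            continue  # assignment lies outside the role's assignable scopes
        if _matches(role["Actions"], action) and not _matches(role["NotActions"], action):
            return True
    return False


if __name__ == "__main__":
    rg = SUB + "/resourceGroups/rg-network"
    vnet = rg + "/providers/Microsoft.Network/virtualNetworks/vnet1"
    vm = rg + "/providers/Microsoft.Compute/virtualMachines/vm1"
    for action, res in [("Microsoft.Network/virtualNetworks/write", vnet),
                        ("Microsoft.Network/virtualNetworks/delete", vnet),
                        ("Microsoft.Compute/virtualMachines/write", vm)]:
        print(action, "->", is_allowed("netops@example.com", action, res))
```
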
Custom RBAC roles can be set at the subscription, resource group, and resource level; the role is inherited by the child resources. Azure Stack RBAC roles can be managed through the Azure Stack ARM portal, PowerShell (the Azure Stack PowerShell cmdlets are needed...