Posted by: kurtsh | May 24, 2021

BETA: Attribute Based Access Control (ABAC) in Azure

Attribute Based Access Control (ABAC) is now in public preview! Learn how to make it easier for your organization to manage access to Azure resources at scale:

The public preview of Attribute Based Access Control (ABAC) in Azure builds on Azure Role-Based Access Control (RBAC) to make it easier for organizations to manage access to Azure resources at scale. This first release of ABAC supports Azure Storage with resource attributes. Many of you are familiar with Azure RBAC role assignments, which enable you to grant access to one Azure resource or all resources in a hierarchy.

We’ve received the following feedback for Azure RBAC.

  • In some scenarios, you need more fine-grained access control than what RBAC offers. For example, you need to grant access to some, not all, resources in a hierarchy.
  • You need to make access control decisions based on business information, such as a resource’s deployment stage or a user’s project. Such information is commonly referred to as attributes or tags, and using attributes in access control decisions is commonly referred to as ABAC.
  • As your Azure usage grows, you need to manage access with relatively fewer role assignments.

With this preview, you can now write ABAC conditions in Azure role assignments. An ABAC condition consists of one or more target actions and a corresponding logical expression using attributes. When a user tries to perform the targeted action in an ABAC condition, the logical expression must evaluate to true to grant access. By using attributes as additional inputs into access control decisions, you can achieve even more fine-grained access control than what RBAC offers with relatively fewer role assignments.
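The evaluation order described above, as an added example (a simplified Python model, not Azure's implementation or condition syntax). The action names, paths, principal and the "Project" attribute are constructed sample values, and treating a missing attribute as a failed expression is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Simplified model only; all names and values below are constructed sample data.
@dataclass(frozen=True)
class Condition:
    target_actions: frozenset            # actions the condition applies to
    expression: Callable[[dict], bool]   # logical expression over resource attributes

@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    scope: str                           # hierarchy prefix, e.g. one container
    actions: frozenset                   # actions the role itself grants
    condition: Optional[Condition] = None

def is_allowed(a, principal, action, resource_path, attributes):
    # RBAC part: principal, action and scope (hierarchy prefix) must match.
    if principal != a.principal or action not in a.actions:
        return False
    prefix = a.scope.rstrip("/") + "/"
    if resource_path != a.scope and not resource_path.startswith(prefix):
        return False
    # ABAC part: only targeted actions are subject to the expression.
    if a.condition is None or action not in a.condition.target_actions:
        return True
    return bool(a.condition.expression(attributes))

READ, WRITE = "blobs/read", "blobs/write"

# One assignment covers the whole container; the condition narrows reads
# to resources whose Project attribute is "Cascade".
ASSIGNMENT = RoleAssignment(
    principal="alice",
    scope="/storage/acct1/containers/data",
    actions=frozenset({READ, WRITE}),
    condition=Condition(
        target_actions=frozenset({READ}),
        # .get() makes a missing attribute evaluate to False (fail closed).
        expression=lambda attrs: attrs.get("Project") == "Cascade",
    ),
)

def check(action, blob_name, attributes):
    path = ASSIGNMENT.scope + "/" + blob_name
    return is_allowed(ASSIGNMENT, "alice", action, path, attributes)

if __name__ == "__main__":
    print(check(READ, "a.csv", {"Project": "Cascade"}))  # targeted, expression true
    print(check(READ, "b.csv", {"Project": "Baker"}))    # targeted, expression false
    print(check(WRITE, "b.csv", {}))                     # not targeted by the condition
```

In this model the write succeeds even on an untagged resource because the condition targets only the read action, so every action that should be restricted needs to be listed as a target.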

Read the full announcement here:

