From the course: Microsoft Azure Cosmos DB Developer Specialty (DP-420) Cert Prep: 5 Maintain an Azure Cosmos DB Solution by Microsoft Press
Unlock this course with a free trial
Join today to access over 23,200 courses taught by industry experts.
Manage control plane access to Azure Cosmos DB by using Azure role-based access control (RBAC) - Azure Tutorial
From the course: Microsoft Azure Cosmos DB Developer Specialty (DP-420) Cert Prep: 5 Maintain an Azure Cosmos DB Solution by Microsoft Press
Manage control plane access to Azure Cosmos DB by using Azure role-based access control (RBAC)
- [Instructor] So this is understanding, first of all, the separation between management plane and data plane. Management plane is where you're giving permissions to the account itself. As you can see, we have some built-in Azure AD roles that govern backup. And what I like even more is that notice that they're separated into backup and restore. So you can give a user the ability to configure backup for Cosmos DB but not give them the ability to restore and vice versa. You can give people the ability to read Cosmos DB metadata, not data in the databases and containers, but on the account level, but they would have no access to the data, as I said. Same with operator. Operator can do provisioning but can't work and see the data itself. So the idea here is that you can either use these built-in roles singly or in combination to grant permissions to other users using Azure AD authentication, or you can use just the…
Contents
-
-
-
-
Learning objective49s
-
(Locked)
Choose between service-managed and customer-managed encryption keys2m 3s
-
(Locked)
Configure network-level access control for Azure Cosmos DB6m 15s
-
(Locked)
Configure data encryption for Azure Cosmos DB1m 10s
-
(Locked)
Manage control plane access to Azure Cosmos DB by using Azure role-based access control (RBAC)2m 36s
-
(Locked)
Manage data plane access to Azure Cosmos DB by using Azure Active Directory1m 38s
-
(Locked)
Configure Cross-Origin Resource Sharing (CORS) settings1m 41s
-
(Locked)
Manage account keys by using Azure Key Vault1m 19s
-
(Locked)
Implement customer-managed keys for encryption53s
-
(Locked)
Implement Always Encrypted12m 55s
-
-
-
-