Implementing Role Based Permissions for Azure Storage

Wednesday, December 4th 2019 @ 10:02 pm CST

This wasn't as straightforward as I'd hoped it would be, so I'm adding what I learned here in the hopes that it can help someone else should you find yourself in a similar situation.

The company I work for is moving a lot of our infrastructure to Azure, and it's pretty neat! I'm not a Microsoft fan in particular, but it's been a mostly pleasant platform to work on, on par with AWS at least. Recently we needed to implement role based access for blob storage containers. It was a little tricky, but once I found the right articles it was fairly simple to do.

First, make sure you have a resource of some sort that you'd like to give a group uniform permissions on. Then create a security group to hold the users: in the Azure portal, you can open an Azure PowerShell session and run the following command:

New-AzureADGroup -DisplayName "RBAC Tutorial Group" `
   -MailEnabled $false -SecurityEnabled $true -MailNickName "NotSet"

The real magic is in the -SecurityEnabled $true part. Now when you go through the Add Role Assignment dialog for one of your resources, you can search for the group you created under Select and it will show up. Add it, save it, and bask in the beauty of RBAC for your storage containers 😎
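The same steps can be scripted instead of clicked through. The following is an added example, not part of the original post or Microsoft's tutorial: it creates the group only if it is missing and assigns a role at the scope of a single container rather than the whole storage account. The resource group, storage account and container names are placeholders, the choice of the built-in "Storage Blob Data Reader" role is an assumption, and the session is assumed to be signed in to both the Az and AzureAD modules, as it is in the portal's PowerShell.

```powershell
# Added example. Placeholder names below are assumptions; replace with your own.
$resourceGroup  = "<resource-group>"
$storageAccount = "<storage-account>"
$container      = "<container>"
$groupName      = "RBAC Tutorial Group"
$roleName       = "Storage Blob Data Reader"   # built-in role, read-only blob access

# Reuse the group if it already exists so reruns do not create duplicates.
$group = Get-AzureADGroup -SearchString $groupName |
    Where-Object { $_.DisplayName -eq $groupName -and $_.SecurityEnabled } |
    Select-Object -First 1
if (-not $group) {
    $group = New-AzureADGroup -DisplayName $groupName `
        -MailEnabled $false -SecurityEnabled $true -MailNickName "NotSet"
}

# Scope the assignment to one container instead of the whole account.
$account = Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageAccount
$scope   = "$($account.Id)/blobServices/default/containers/$container"

# Skip the assignment if the group already holds this role at exactly this scope.
$existing = Get-AzRoleAssignment -ObjectId $group.ObjectId -Scope $scope |
    Where-Object { $_.RoleDefinitionName -eq $roleName -and $_.Scope -eq $scope }
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $group.ObjectId `
        -RoleDefinitionName $roleName -Scope $scope | Out-Null
}

# List the role assignments that apply to the group at this scope for review.
Get-AzRoleAssignment -ObjectId $group.ObjectId -Scope $scope |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

A group created moments earlier may not be visible to the role assignment call yet; if New-AzRoleAssignment reports that the principal cannot be found, rerun the script after a short wait.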

For more details on this process, check out this article by Microsoft: Tutorial: Grant a group access to Azure resources using RBAC and Azure PowerShell