What is RBAC (role-based access control) in Azure and how does it work?

RBAC (Role-Based Access Control)

RBAC in Azure is a method for managing access to Azure resources by assigning roles to users, groups, or applications. It ensures that permissions are granted based on the principle of least privilege, meaning users get only the access they need to perform their tasks.

How RBAC Works in Azure

RBAC uses roles and role assignments to control who can perform what actions on which resources. Here’s an overview:

1. Roles
• Definition: Roles are collections of permissions that define what actions a user or application can perform on specific resources.
• Types of Roles:
  • Built-in roles: Predefined roles like Owner, Contributor, Reader, and specific roles for services (e.g., Virtual Machine Contributor).
  • Custom roles: User-defined roles with tailored permissions.
2. Principals
• These are entities that can have access assigned to them:
  • Users: Individual accounts in Azure AD.
  • Groups: Collections of users in Azure AD.
  • Service principals: Applications or services.
  • Managed identities: Azure-managed identities for services.
3. Scope
• Definition: The level at which access is assigned. It can be:
  • Management Group: Highest level, applies to multiple subscriptions.
  • Subscription: Applies to all resources in a subscription.
  • Resource Group: Applies to all resources in a group.
  • Resource: Applies to a specific resource.
4. Role Assignment
• A role assignment ties together a principal, a role, and a scope.
• Example: Assigning the Reader role to a user at the subscription level gives the user read-only access to all resources in the subscription.

How RBAC is Used

RBAC is typically used to:
1. Control access: Assign roles to users based on their job requirements.
2. Secure resources: Limit permissions to reduce the risk of unauthorized actions.
3. Delegate tasks: Allow teams to work on specific resources without full access.
4. Audit and compliance: Monitor who has access to what, for compliance and security.

Example Use Case

Suppose you have a development team working on a project:
1. The project manager might get the Reader role to monitor resources without making changes.
2. The developers might get the Contributor role to manage and deploy resources within a resource group.
3. The DevOps engineer might get the Owner role for full control, including permissions management.

Key Benefits
• Granular control: Permissions are precisely defined.
• Flexibility: Custom roles can be created to fit specific requirements.
• Ease of management: Role assignments can be scoped at different levels to simplify administration.

How to Implement RBAC
1. Navigate to the Azure portal.
2. Open the resource, resource group, or subscription where you want to assign a role.
3. Go to the Access control (IAM) section.
4. Click Add > Add role assignment.
5. Select the role, assign it to a principal, and choose the scope.
This setup allows Azure to enforce role-based access dynamically and securely across all your resources.
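
The sketch below is an added example, not code from the original post or from Azure. It models a role assignment as principal + role + scope, shows how an assignment at a parent scope is inherited by the resources beneath it, and runs a small audit for principals who can manage permissions subscription-wide. The subscription ID, resource names, principals (including `legacy-admin`) and the three-label permission sets are constructed assumptions; management-group inheritance is left out because it needs a hierarchy lookup rather than a path prefix check.

```python
from dataclasses import dataclass

# Coarse stand-ins for three built-in roles; real role definitions list
# individual Actions/NotActions rather than these three labels.
ROLE_PERMISSIONS = {
    "Reader": {"read"},
    "Contributor": {"read", "write"},
    "Owner": {"read", "write", "assign_roles"},
}

@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str
    scope: str

def scope_covers(assigned: str, target: str) -> bool:
    """True when target is the assigned scope itself or a child of it."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # The "/" stops rg-project from matching rg-project2.
    return t == a or t.startswith(a + "/")

def effective_permissions(assignments, principal, target_scope):
    """Union of permissions from every assignment that covers the target."""
    perms = set()
    for ra in assignments:
        if ra.principal == principal and scope_covers(ra.scope, target_scope):
            perms |= ROLE_PERMISSIONS[ra.role]
    return perms

def subscription_wide_role_admins(assignments):
    """Audit check: who can change role assignments above resource-group scope."""
    return sorted({ra.principal for ra in assignments
                   if "assign_roles" in ROLE_PERMISSIONS[ra.role]
                   and "/resourcegroups/" not in ra.scope.lower()})

# Constructed sample data (placeholder subscription ID and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-project"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web"
ASSIGNMENTS = [
    RoleAssignment("project-manager", "Reader", SUB),
    RoleAssignment("developer", "Contributor", RG),
    RoleAssignment("devops-engineer", "Owner", RG),
    RoleAssignment("legacy-admin", "Owner", SUB),
]

if __name__ == "__main__":
    for who in ("project-manager", "developer", "devops-engineer"):
        print(who, sorted(effective_permissions(ASSIGNMENTS, who, VM)))
    print("review:", subscription_wide_role_admins(ASSIGNMENTS))
```

Scoping the Owner role to the resource group keeps the DevOps engineer out of the audit result, while the same role at subscription scope is flagged for review.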

Clean Architecture in ASP.NET Core

The Clean Architecture pattern has gained significant popularity for the design and development of software applications. It emphasizes key principles to better maintain, scale, and test solutions thanks to well-defined layers and clear separation of concerns. Clean Architecture promotes abstracting external dependencies like databases, UI, or services to let the developer focus on the core domain code.

Source: Clean Architecture in ASP.NET Core – NDepend Blog

Clean Architecture in .NET

Layers in Clean Architecture

Summary

Jason Taylor gives a superb explanation of Clean Architecture on this clip.

Domain and Application are central to the design. It’s the core of the system.

Presentation and Infrastructure belong to the outermost layer and are not dependent on each other. They only depend on Application.

Application only depends on Domain.

Domain has no dependencies.

Source: Clean Architecture. Jason Taylor gives a superb explanation… | by Oscar Olsson | Medium

Microservices for Dummies

Why Microservices?

The concept of Microservices came out of a need of solutions to the problems with monolithic architectures. We refer to an architecture as monolithic if the entire app is built into one executable/package, deployed all or nothing, using one or very few data stores. These applications usually use tiered architectures (e.g. presentation, business logic, data layer) and internal modularization.

Microservices for Dummies by Konstantin Vassilev

The C4 Model for Software Architecture

Software architecture diagrams are a fantastic way to communicate how you are planning to build a software system (up-front design) or how an existing software system works (retrospective documentation, knowledge sharing, and learning).
However, it’s very likely that the majority of the software architecture diagrams you’ve seen are a confused mess of boxes and lines.
www.infoq.com/articles/C4-architecture-model

The Over Designer – Michael’s Coding Spot

michaelscodingspot.com/2017/02/11/the-over-designer/
Have you ever encountered an over designer? An over designer is a software developer that had some life changing event and became obsessed about architecture. The result being, obsessive decoupling, endless coding of Factories, creating deep (also needless) inheritance hierarchies and various use of design patterns for no good reason.

The Onion Architecture : part 1 : Jeffrey Palermo (.com)

I’ve spoken several times about a specific type of architecture I call “Onion Architecture”. I’ve found that it leads to more maintainable applications since it emphasizes separation of concerns throughout the system. I must set the context for the use of this architecture before proceeding. This architecture is not appropriate for small websites. It is appropriate for long-lived business applications as well as applications with complex behavior. It emphasizes the use of interfaces for behavior contracts, and it forces the externalization of infrastructure.
jeffreypalermo.com/blog/the-onion-architecture-part-1/