Unit 6: Analyze Azure Role Permissions

Understanding Permissions

Permissions define what operations can be performed. Permissions flow from roles, which are assigned to users, groups, or service principals.

Member users and guest users have different default permissions, with guests having more restricted access.

Controlling Default Permissions

Administrators can:

• Restrict what users can do by default.
• Prevent application registration.
• Block portal access.
• Limit external collaboration.

Additional permissions should be granted through roles, not default user permissions.

Exploring Role Permissions

Each role contains:

• Role permissions.
• Guest and service principal read permissions.

Administrators should always review what a role grants before assigning it, especially high-impact roles.