PIM + Conditional Role Assignments: Secure Autonomy for Azure Landing Zones

Welcome back! If you haven’t seen my deep dive on conditional role assignments with Bicep, make sure to read that first, because I left a major flaw in that example code: I assigned a permanently active ‘Owner’ role assignment. Of course, this is not a realistic scenario. To manage your Azure resources safely, we need to have Privileged Identity Management (PIM)! Let’s iterate further on my previous blog and see how you can combine PIM with role assignment conditions to keep your landing zones secure. ...

July 1, 2025 · 4 min · 691 words · Jaap de Goeij

Azure Conditional Role Assignments with Bicep!

In modern cloud environments, finding the right balance between workload autonomy and security control is crucial. While development teams need extensive permissions to manage their resources effectively, security teams must ensure these privileges don’t compromise the organization’s security posture. Azure’s conditional role assignments provide an elegant solution to this challenge, allowing us to grant broad permissions while maintaining strict security boundaries. The Challenge Traditional role-based access control (RBAC) often forces organizations to choose between two suboptimal approaches: ...

July 1, 2025 · 6 min · 1165 words · Jaap de Goeij