Azure Access control (IAM) roles - Reader vs Resource specific Reader

Mikhail

12/4/22, 8:46 AM

I can see it very clear from documentation, so asking this here does Azure IAM Reader role includes all that resource type specific Reader role or not exactly? For example if I take some resource, like Log Analytics Workspace - there I can assign both Reader and Log Analytics Workspace Reader, roles descriptions provided by documentation/Azure portal UI are the following:

Reader - The Reader role allows you to view all the resources in an Automation account but can't make any changes.

Log Analytics Reader - The Log Analytics Reader role allows you to view and search all monitoring data as well as view monitoring settings. This includes viewing the configuration of Azure diagnostics on all Azure resources.

By looking at those descriptions it is not super clear as whether I can consider Log Analytics Reader as narrower role/subset of what Reader role assignment gives me when it comes to Log Analytics workspace permissions?

155

1 + 0

azure

Score:1

Server

twistedadmin

12/4/22, 12:37 PM

The role definitions for each built-in role will help you identify exactly which role you want based on which component permissions it provides.

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#log-analytics-reader

0 + 1

Mikhail

12/5/22, 7:45 AM

That helps a little bit, so Reader = */read, Data Analytics Reader = */read, Microsoft.OperationalInsights/workspaces/analytics/query/action, Microsoft.OperationalInsights/workspaces/search/action so if I read this correctly Data Analytics Reader is broader has more permissions and it seems if I grant Data Analytics Reader it also includes all the things plain Reader can do.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Azure Access control (IAM) roles - Reader vs Resource specific Reader

TH: บทบาท Azure Access control (IAM) - Reader vs Reader เฉพาะทรัพยากร

RO: Roluri Azure Access Control (IAM) - Reader vs Resource specific Reader

RU: Роли Azure Access Control (IAM) — средство чтения и средство чтения для конкретного ресурса

VI: Vai trò Kiểm soát truy cập Azure (IAM) - Trình đọc so với Trình đọc cụ thể của tài nguyên

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.