Permissions in Azure Security Center


Azure Security Center uses Role-Based Access Control (RBAC), which provides built-in roles that can be assigned to users, groups, and services in Azure.

Security Center assesses the configuration of your resources to identify security issues and vulnerabilities. In Security Center, you only see information related to a resource when you are assigned the role of Owner, Contributor, or Reader for the subscription or resource group that a resource belongs to.

In addition to these roles, there are two specific Security Center roles:

◈ Security Reader: A user that belongs to this role has viewing rights to Security Center. The user can view recommendations, alerts, a security policy, and security states, but cannot make changes.

◈ Security Administrator: A user that belongs to this role has the same rights as the Security Reader and can also update the security policy and dismiss alerts and recommendations.

Note

The security roles, Security Reader and Security Administrator, have access only in Security Center. The security roles do not have access to other service areas of Azure such as Storage, Web & Mobile, or Internet of Things.

Roles and allowed actions


The following table displays roles and allowed actions in Security Center. An X indicates that the action is allowed for that role.

Role Edit security policy  Apply security recommendations for a resource  Dismiss alerts and recommendations   View alerts and recommendations 
Subscription Owner X X X X
Subscription Contributor 
Resource Group Owner  --  -- 
Resource Group Contributor  --  -- 
Reader  --  --  --  X
Security Administrator  -- 
Security Reader  --  --  -- 

Note

We recommend that you assign the least permissive role needed for users to complete their tasks. For example, assign the Reader role to users who only need to view information about the security health of a resource but not take action, such as applying recommendations or editing policies.
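
An added example (not part of the original page or of Microsoft's documentation) that applies the least-privilege recommendation above: it sorts role assignments into principals who can change Security Center state, view-only principals, and assignments whose rights the table on this page does not fully state. The input follows the shape of `az role assignment list --all -o json`; the sample data, the function names, and the matching of the Security Administrator role under its built-in name "Security Admin" are assumptions.

```python
import re

# Constructed sample shaped like `az role assignment list --all -o json`,
# reduced to the fields used here; subscription id and principals are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Security Admin", "scope": SUB},
    {"principalName": "carol@example.com", "roleDefinitionName": "Security Reader", "scope": SUB},
    {"principalName": "dave@example.com", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "erin@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-app"},
]

# A scope with nothing after the subscription id is a subscription-level assignment.
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+$")


def rights(role, scope):
    """Security Center rights for a role, or None when this page does not state them."""
    if role == "Owner" and SUBSCRIPTION_SCOPE.match(scope):
        return {"view", "apply", "dismiss", "edit_policy"}  # Subscription Owner row
    # The page says "Security Administrator"; Azure's built-in role name is "Security Admin".
    if role in ("Security Administrator", "Security Admin"):
        return {"view", "dismiss", "edit_policy"}
    if role in ("Reader", "Security Reader"):
        return {"view"}
    return None  # e.g. resource-group Owner: not fully stated in the table here


def audit(assignments):
    """Group (principal, role) pairs by what they can do in Security Center."""
    report = {"can_change": [], "view_only": [], "unmapped": []}
    for a in assignments:
        r = rights(a["roleDefinitionName"], a["scope"])
        if r is None:
            bucket = "unmapped"
        elif r == {"view"}:
            bucket = "view_only"
        else:
            bucket = "can_change"
        report[bucket].append((a["principalName"], a["roleDefinitionName"]))
    return report


if __name__ == "__main__":
    for bucket, entries in audit(SAMPLE).items():
        print(bucket, entries)
```

Principals in `can_change` are the ones to review against the recommendation: anyone there who only needs to view security health is a candidate for Reader or Security Reader.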
