when you have multiple subscriptions in a tenant, it is very easy to configure the same role assignments for all the subscriptions in a tenant.
By using the Azure AD Privileged Identity Management ( PIM )
The Azure AD Privileged Identity Management ( PIM ) service also allows privileged role administrators to make permanent admin role assignments.
another example of using the role assignment:
when you create an AKS cluster, Azure also creates a service principal to support cluster operability with other azure resources. you can use this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that grants the clusters service principal access to the ACR.
reference:
https://docs.microsoft.com/bs-latn-ba/azure/aks/cluster-container-registry-integration
No comments:
Post a Comment