Use Resource Group delegation#
Security · Subscription · Rule · 2020_06 · Important
Use RBAC assignments on resource groups instead of individual resources.
Description#
Azure provides a flexible delegation model using RBAC that allows administrators to grant fine grained permissions using roles to Azure resources. Permissions can be scoped to management group, subscription, resource group or individual resources.
Recommendation#
Consider using RBAC assignments on resource groups instead of individual resources.
Links#
- Avoid granular and custom permissions
- What is Azure role-based access control (Azure RBAC)?
- Best practices for Azure RBAC