Azure Storage: Attribute-based Access Control (ABAC) conditions with principal attributes now in public preview
Published date: 09 December, 2021
Attribute-based access control (ABAC) is an authorisation strategy that defines access levels based on attributes associated with security principals, resources, requests and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments expressed as a predicate using these attributes. This update to the preview enables the use of Azure AD custom security attributes for principals in role assignment conditions. You can now use combine principal attributes with resource and request attributes in your condition expressions.
Managing hundreds or thousands of role assignments for a subscription or a resource can be difficult. Use of these custom security attributes for principals in role-assignment conditions can help you reduce the number of role assignments on your storage account, and make them easier to manage. You can scale the management of role assignments using role assignment conditions that match attributes of a principal to attributes of the storage resource being accessed.