RBAC and Azure Websites Publishing

Posted on January 5, 2015

Senior Program Manager, Azure App Service
The new Role Based Access Control (RBAC) available in Azure enables organizations to easily manage employee and partner access to their cloud resources. More information about RBAC, the Azure Active Directory underlying support, and integration with the Azure preview portal is available at this link.

One area where Azure Websites customers can directly benefit from RBAC functionality is managing content publishing contributions. Users with Contributor role access can publish content with their own user deployment credentials. This is an important advantage over sharing website resource credentials, because RBAC makes it easier to attribute contributions and quicker to grant and revoke access. This becomes even more relevant for organizations relying on Open Source publishing clients that expect individual deployment credentials rather than a website publish profile.

Role Based Access Example

To onboard a user as a website resource Contributor, select the specific website from the Azure preview portal. Under the Access lens select the Roles part.

Add the user as a Contributor. Note that roles can be assigned for individual resources such as this example, as well as for resource groups. Adding an external user results in creating a guest in the directory. A similar workflow starting with the Roles part is available to easily remove access for the website resource. Note that removing a guest from an RBAC role does not result in removing the guest from the directory.

A new Contributor user would now be able to select the proper directory from the upper right corner of their Azure preview portal view and browse to the relevant website resource. The Contributor user can publish changes using their own user deployment credentials.
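An access review that follows from the points above, as an added example (not code from the original post): it lists who holds Contributor on a website, including assignments inherited from its resource group, and which guests are still in the directory without any role. The record field names are assumed export shapes, and every user name and scope is constructed sample data.

```python
# Added example: access review for one website resource.
# Field names are assumed export shapes; all names and scopes are constructed.
RG = "/subscriptions/0000/resourceGroups/web-rg"
SITE = RG + "/providers/Microsoft.Web/sites/contoso-site"
BOB = "bob_partner.example#EXT#@contoso.example"   # constructed guest name
ERIN = "erin_old.example#EXT#@contoso.example"     # constructed guest name
ASSIGNMENTS = [
    {"principalName": "alice@contoso.example", "roleDefinitionName": "Contributor", "scope": SITE},
    {"principalName": BOB, "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "carol@contoso.example", "roleDefinitionName": "Reader", "scope": SITE},
    {"principalName": "dave@contoso.example", "roleDefinitionName": "Contributor", "scope": RG + "-2"},
]
DIRECTORY_USERS = [
    {"userPrincipalName": "alice@contoso.example", "userType": "Member"},
    {"userPrincipalName": BOB, "userType": "Guest"},
    {"userPrincipalName": ERIN, "userType": "Guest"},
]
PUBLISH_ROLE = "Contributor"  # the role the post says can publish


def scope_covers(assigned_scope, resource_scope):
    """True if a role assigned at assigned_scope is inherited by resource_scope."""
    a = assigned_scope.rstrip("/").lower()
    r = resource_scope.rstrip("/").lower()
    # Match on whole path segments so "web-rg" does not cover "web-rg-2".
    return r == a or r.startswith(a + "/")


def publishers(assignments, resource_scope):
    """(principal, granting scope) pairs that can publish to the website."""
    return sorted(
        (a["principalName"], a["scope"])
        for a in assignments
        if a["roleDefinitionName"] == PUBLISH_ROLE
        and scope_covers(a["scope"], resource_scope)
    )


def leftover_guests(users, assignments):
    """Guests still in the directory that hold no role assignment at all."""
    assigned = {a["principalName"].lower() for a in assignments}
    return sorted(
        u["userPrincipalName"] for u in users
        if u["userType"] == "Guest" and u["userPrincipalName"].lower() not in assigned
    )


if __name__ == "__main__":
    print("can publish:", publishers(ASSIGNMENTS, SITE))
    print("guests with no role:", leftover_guests(DIRECTORY_USERS, ASSIGNMENTS))
```

The resource-group assignment shows up as a publisher of the website even though nothing was assigned on the website itself, which is the case a per-resource review in the portal is most likely to miss.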

Local Git Publishing Example

Here is an example for local Git-based publishing. The Contributor user can set or reset deployment credentials under the Deployment lens.

To clone the website content for a source control enabled website, find the Git URL under the Properties blade.

After git push operations, the Deployments blade will reflect content from the different users.

Website Operations

Content publishing is not sufficient for servicing a website. Diagnostic and servicing operations also benefit from RBAC in the context of Azure Websites because the Contributor role provides access to the SCM website administration endpoint based on the same user deployment credentials. This includes access to diagnostic tools such as log streaming or operations enablers such as web jobs.