Skip to main content
NOW AVAILABLE

Azure Key Vault Access Configuration Update

Published date: May 23, 2023

Azure RBAC is now the recommended authorization system for the Azure Key Vault data plane.

Azure RBAC is built on Azure Resource Manager and provides fine-grained access management of Azure resources. With Azure RBAC you control access to resources by creating role assignments, which consist of three elements: a security principal, a role definition (predefined set of permissions), and a scope (group of resources or individual resource).

Azure RBAC offers several advantages over access policies:

  • A unified access control model for Azure resource-- it uses the same API across Azure services
  • Centralized access management for administrators - manage all Azure resources in one view
  • Integration with Privileged Identity Management for time-based access control
  • Deny assignments - ability to exclude security principals at a particular scope
  • More stringent permissions -- managing access for users and service principals require Owner or User Access Administrator roles

For more information, please visit Azure role-based access control (Azure RBAC) vs. access policies | Microsoft Learn

  • Security