Great explanation. Sound like simple for an experienced DBA. Still need to hold it till it mixes in my blood. Great explanation. I really love CBT Nuggets guys. I learned ITIL V3 Foundation from you guys.
If we give read permission with a subscription scope won't it get inherited to the all resource group and resources inside that subscription? Why you are individually assigning role to resource group and resources ?
It is surprising how counterintuitive Azure can be at times. From an Azure main perspective Chris is a "reader" but that doesnt stop him to delete resources as he got admin access to a particular service? Is crazy at times
Hey, I have 2 doubts here. 1. If we assign the 'reader' role for the whole subscription, should we not be able to view everything in it ? 2. I see that you assigned user chris with the 'owner' role only for the 'storage' resource group, but then as you logged in as Chris, how were you able to view 'azure-monitor' and 'cosmos' resource groups ? Thanks in advance!
![BLACK BAG - Official Trailer [HD] - Only in Theaters March 14](http://i.ytimg.com/vi/Du0Xp8WX_7I/mqdefault.jpg)
Great explanation. Sound like simple for an experienced DBA. Still need to hold it till it mixes in my blood. Great explanation. I really love CBT Nuggets guys. I learned ITIL V3 Foundation from you guys.
Exactly what I needed. Straight to the point. Thank you so much!
If we give read permission with a subscription scope won't it get inherited to the all resource group and resources inside that subscription? Why you are individually assigning role to resource group and resources ?
was thinking the same
Haha he won’t answer this
I just checked you are right. I gave reader access at subscription level and was able to read all resources groups and resources under it
Thanks for mentioning this.
@@coding3438 Not only this one, he did not answer for any single comment
The way you explain its really easy many thanks
Really helpful and to the point. Thanks a lot !
Well, Explained! can you also explain what the difference between RBAC and Azure AD Roles
It is surprising how counterintuitive Azure can be at times. From an Azure main perspective Chris is a "reader" but that doesnt stop him to delete resources as he got admin access to a particular service? Is crazy at times
Hey, I have 2 doubts here.
1. If we assign the 'reader' role for the whole subscription, should we not be able to view everything in it ?
2. I see that you assigned user chris with the 'owner' role only for the 'storage' resource group, but then as you logged in as Chris, how were you able to view 'azure-monitor' and 'cosmos' resource groups ?
Thanks in advance!
Got to be a video editing error.
Useful and concise, thank you.
Great video!
Great video, thanks!
Good job, thanks !!
Great! Thanks!
Really easy although the user shouldn’t be able to even see the list of RGs the user is not authorized for..