Access Control
Date | Version | Changes |
---|---|---|
Nov 29, 2021 | v1.0.1 | Updated wording of 1.3 to make it easier to understand. |
Nov 27, 2021 | v1.0.0 | |
This convention describes how to manage access control to your resources in Azure. In this document, users, service principals and managed identities are collectively referred to as Users.
1.1 Users MUST NOT be assigned direct access to resources.
1.2 Users MUST NOT be assigned direct access to resource groups.
1.3 Users MUST be assigned access to user groups.
2 Component User Group
2.1 A resource group MUST have a component user group.
2.2 Component user groups MUST follow this format.
{project}-{component}-{environment}-contributor-ug
2.3 Environment SHOULD be simplified to dev/prod.
dev is short for dev and test.
prod is short for stage and prod.
3 Project User Group
3.1 A project user group MAY be created to simplify user access assignments.
3.2 Project user groups MUST follow this format.
{project}-{environment}-contributor-ug
3.3 Project User Groups MUST be added as members to corresponding component user groups, and not assigned access directly to the resource group.
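One way to check role assignments against rules 1.1, 1.2, 2.2, 2.3 and 3.3, as an added example that is not part of the convention itself. It assumes input shaped like the JSON from `az role assignment list` (fields `principalType`, `principalName`, `scope`) and that the name tokens are lowercase alphanumerics without hyphens; the resource group, principal names and subscription ID below are constructed.

```python
import re

# Assumption: {project}, {component} and {environment} are lowercase
# alphanumeric tokens without hyphens (the convention defines no charset).
T = r"[a-z0-9]+"
COMPONENT_UG = re.compile(rf"^{T}-{T}-({T})-contributor-ug$")  # rule 2.2
PROJECT_UG = re.compile(rf"^{T}-{T}-contributor-ug$")          # rule 3.2

def audit(assignments):
    """Return sorted (rule, principalName) findings for one assignment list."""
    findings = set()
    for a in assignments:
        name = a["principalName"]
        parts = a["scope"].strip("/").lower().split("/")
        if len(parts) < 4 or parts[2] != "resourcegroups":
            continue  # subscription / management-group scope: not covered
        on_resource = len(parts) > 4
        if a["principalType"] != "Group":
            # Users, service principals and managed identities all count as Users.
            findings.add(("1.1" if on_resource else "1.2", name))
        elif on_resource:
            continue  # groups on a single resource: the convention is silent
        elif PROJECT_UG.match(name):
            findings.add(("3.3", name))  # must be nested in a component group
        else:
            m = COMPONENT_UG.match(name)
            if not m:
                findings.add(("2.2", name))
            elif m.group(1) not in ("dev", "prod"):
                findings.add(("2.3", name))  # SHOULD-level finding

    return sorted(findings)

# Constructed sample data (placeholder subscription ID, made-up names).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/shop-api-dev-rg"
SAMPLE = [
    {"principalType": "Group", "principalName": "shop-api-dev-contributor-ug", "scope": RG},
    {"principalType": "User", "principalName": "alice@example.com", "scope": RG},
    {"principalType": "ServicePrincipal", "principalName": "ci-deployer",
     "scope": RG + "/providers/Microsoft.Storage/storageAccounts/shopapidev"},
    {"principalType": "Group", "principalName": "shop-dev-contributor-ug", "scope": RG},
    {"principalType": "Group", "principalName": "shop-api-test-contributor-ug", "scope": RG},
    {"principalType": "Group", "principalName": "ShopAdmins", "scope": RG},
]

if __name__ == "__main__":
    for rule, name in audit(SAMPLE):
        print(f"rule {rule}: {name}")
```

Rule 2.1 and the group-membership side of 3.3 are not checked here, since they need the group membership graph rather than the role assignment list.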