Role-Based Access Control
A system that grants users only the permissions they need by assigning roles to scopes.
Azure Role-Based Access Control (RBAC) enforces least privilege by assigning built-in or custom roles to security principals — users, groups, managed identities, or service principals — at a specific scope. Scopes form a hierarchy of management group, subscription, resource group, and individual resource, with permissions inherited downward. The key exam distinction is that RBAC governs who can perform actions on Azure resources, while Azure Policy governs what configurations resources may have. A user with Owner RBAC rights can still be blocked from deploying non-compliant resources by a deny-effect Policy, since the two controls operate independently and are often layered together in governance designs.
PlayPrepHQ study notes are written and reviewed against primary exam sources. How we create & review content →