jasejackson-8080 asked

Azure SQL Virtual Machine - AD/User Access

Can a SQL VM machine be added to an Azure Resource Group whereby only a select group of users have access to the VM machine, excluding the tenant Admin? To reiterate, the list of users that can access the VM machine differs from the tenant admin, who would be unable to access the VM machine unless granted the login details.

I understand this is maybe at odds with general practice; however, it would be helpful to understand whether the security model supports such a situation.

Tags: azure-ad-tenant, azure-ad-user-management, azure-sql-virtual-machines

1 Answer

JamesTran-MSFT answered

@jasejackson-8080
Thank you for your post!

You should be able to accomplish these tasks by using Azure Role Based Access Control (RBAC). Azure RBAC helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. You can enable Azure RBAC at the management group, subscription, resource group, or resource level.

When it comes to denying your tenant admin rights, you can easily do so by using Azure deny assignments.


Please let me know if you have any other questions.
Thank you for your time and patience!

Additional Links:
List Azure role assignments using the Azure portal


@jasejackson-8080
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?

Thank you. I will investigate today and feed back.

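
An added example, not part of the original thread or of Microsoft's documentation: a Python check of which principals inherit a role on the VM from assignments made at the resource, resource group, subscription, management group or root scope, which is what decides whether resource-level assignments really limit access to a select group. The input is constructed sample data shaped like `az role assignment list --all` output; every principal, ID and the `mg-corp` management group is a placeholder.

```python
# Constructed sample shaped like `az role assignment list --all -o json` output.
# Every principal, ID and the mg-corp management group is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-sql"
VM_ID = RG + "/providers/Microsoft.Compute/virtualMachines/sqlvm01"
MG = "/providers/Microsoft.Management/managementGroups/mg-corp"
SAMPLE = [
    {"principalName": "tenant-admin@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "sql-vm-operators", "roleDefinitionName": "Virtual Machine Contributor", "scope": VM_ID},
    {"principalName": "dba@example.com", "roleDefinitionName": "Reader", "scope": RG},
    {"principalName": "other@example.com", "roleDefinitionName": "Contributor", "scope": RG + "-other"},
    {"principalName": "platform-team", "roleDefinitionName": "Contributor", "scope": MG},
]
MG_PREFIX = "/providers/microsoft.management/managementgroups/"


def applies(scope, resource_id, mg_ancestors=()):
    """True if a role assignment at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    if s == "":  # root scope "/" covers every resource in the tenant
        return True
    if s.startswith(MG_PREFIX):
        # Management groups are not part of the resource ID, so the caller
        # supplies the groups the subscription sits under (an assumption here).
        return s[len(MG_PREFIX):] in {m.lower() for m in mg_ancestors}
    # Compare on a path boundary so rg-sql does not match rg-sql-other.
    return r == s or r.startswith(s + "/")


def effective_access(assignments, resource_id, mg_ancestors=()):
    """Sorted (principal, role, scope) tuples for assignments reaching the resource."""
    return sorted(
        (a["principalName"], a["roleDefinitionName"], a["scope"])
        for a in assignments
        if applies(a["scope"], resource_id, mg_ancestors)
    )


def unexpected(assignments, resource_id, allowed, mg_ancestors=()):
    """Principals holding any role on the resource that are not in `allowed`."""
    found = {p for p, _, _ in effective_access(assignments, resource_id, mg_ancestors)}
    return sorted(found - set(allowed))


if __name__ == "__main__":
    for row in effective_access(SAMPLE, VM_ID, mg_ancestors=["mg-corp"]):
        print(row)
    print(unexpected(SAMPLE, VM_ID, ["sql-vm-operators", "dba@example.com"], ["mg-corp"]))
```

Group assignments such as `sql-vm-operators` are reported by group name; their membership is not expanded here.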