Lab 9: Role-Based Access Control (RBAC)
Student Name: Daniel Wanjama
Student ID: ADC-CSS02-25012
Introduction
This lab demonstrates how to implement Role-Based Access Control (RBAC) in Microsoft Azure. RBAC restricts access based on user roles, enforcing the principle of least privilege. Youβll create security groups, assign roles, validate access, and review governance policies β all within a real-world cloud security scenario.
Objectives
- Create role-specific security groups
- Assign users to appropriate groups
- Apply RBAC using built-in Azure roles
- Validate access control through VM management
- Review audit logs and policy compliance
- Reinforce least privilege and governance principles
Walkthrough
π₯ Step 1: Create Security Groups
Three security groups were created:
- Senior Admins β Member: Joseph Price
- Junior Admins β Member: Isabel Garcia
- Service Desk β Member: Dylan Williams
Screenshot:
Page 2 β Creating security groups and assigning members
π Step 2: Assign RBAC Roles
Assigned the Virtual Machine Contributor role to the Service Desk group.
Steps:
- Navigate to the resource group
- Open Access Control (IAM)
- Click + Add role assignment
- Select Virtual Machine Contributor
- Assign to Service Desk group
- Save and confirm
Screenshots:
Page 3 β Assigning role to Service Desk group
Page 4 β Role assignment confirmation
π§ͺ Step 3: Validate Access Control
Logged in as a Service Desk member to test access:
- Able to start, stop, and restart VMs
- Blocked from deleting or modifying critical resources
Screenshots:
Page 5 β VM dashboard visible to Service Desk user
Page 6 β Starting VM with contributor privileges
Page 7 β Attempt to delete VM blocked due to insufficient permissions
π§ Step 4: Review Role Assignments
Verified role assignments across all groups:
- Senior Admins: Full access
- Junior Admins: Read-only access
- Service Desk: VM Contributor only
Screenshot:
Page 8 β Role assignments overview for all groups
π‘οΈ Step 5: Governance and Compliance Check
Reviewed access governance policies and audit logs:
- Confirmed alignment with least privilege
- Validated audit trail and role boundaries
- Ensured compliance with internal security standards
- Reviewed policy enforcement and alerts in Azure Security Center
- Verified that role assignments were logged and traceable
Screenshots:
Page 9 β Reviewing RBAC policy compliance
Page 10 β Azure Security Center highlighting RBAC configuration
Page 11 β Audit log showing role assignment and access activity
Summary of Pages 12β25
From page 12 onward, the lab dives deeper into:
- Policy enforcement testing: Simulated access attempts by unauthorized users
- Role reassignment scenarios: Temporarily elevated privileges and revocation
- Security alerts: Triggered by misconfigured access or failed login attempts
- Compliance dashboard: Reviewed Secure Score and identity recommendations
- Documentation and reporting: Exported audit logs and role assignment history for governance review
- Reflection: Emphasized the importance of RBAC in Zero Trust architecture and operational security
These sections reinforce the hands-on validation of RBAC principles and demonstrate your ability to manage identity governance in a production-grade Azure environment.
Conclusion
This lab showcased the practical implementation of Role-Based Access Control in Azure. By creating structured security groups and assigning scoped roles, we enforced access boundaries that align with Zero Trust principles. The Service Desk groupβs ability to manage VMs without elevated privileges demonstrated how RBAC supports operational efficiency while minimizing risk.
Through this hands-on exercise, I reinforced my understanding of identity governance, access management, and secure cloud operations β essential skills for any cloud security professional.