15 Feb 2016

Azure Automation Role-Based Access Control (RBAC)

Since December 24th, Azure Automation supports RBAC. We really asked Microsoft to implement this enhancement, as a lot of sensitive information and code may live within an Azure Automation account. Assets are used to store credentials, variables, and connection objects. As you get more and more contributors to the system, you probably don’t want to share all your credential objects with everyone who writes automation runbooks. Before RBAC, the only way to separate them was to create multiple Automation accounts, but of course this introduced other difficulties.

Now, here’s where you access the RBAC component.

We have 5 different roles, to which we can assign users.  

Permissions per role:

| Role | Runbooks | Resources | Roles / Access |
|---|---|---|---|
| Owner | Edit | Edit | Edit |
| Contributor | Edit | Use within Runbooks | |
| Reader | Read | Read | Read |
| Automation Operator | start / stop / suspend / resume | — | — |
| User Access Administrator | | | Edit |

The key component behind the scenes is, of course, ARM (Azure Resource Manager).

Although you can’t define different access levels on single objects, you can delegate asset management to a security department while still having more runbook authors contribute to your automation solutions.
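
To check that this split actually holds, the following added example (not part of the original post) audits the role assignments on an Automation account against the table above and flags anyone outside the approved asset managers who can edit assets or access, including assignments inherited from the resource group or subscription through ARM. The function name, the sample principals and the subscription, resource group and account names are assumptions made for illustration; the input objects are shaped like the output of `Get-AzRoleAssignment`.

```powershell
# Role capabilities as listed in the table on this page.
$Capabilities = @{
    'Owner'                     = @{ Runbooks = 'Edit';       Assets = 'Edit'; Access = 'Edit' }
    'Contributor'               = @{ Runbooks = 'Edit';       Assets = 'Use';  Access = '-' }
    'Reader'                    = @{ Runbooks = 'Read';       Assets = 'Read'; Access = 'Read' }
    'Automation Operator'       = @{ Runbooks = 'Start/Stop'; Assets = '-';    Access = '-' }
    'User Access Administrator' = @{ Runbooks = '-';          Assets = '-';    Access = 'Edit' }
}

# Hypothetical helper: classifies each assignment and marks the ones to review.
function Get-AutomationAccessFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Assignment,    # Get-AzRoleAssignment-shaped objects
        [Parameter(Mandatory)] [string]   $AccountScope,  # ARM resource ID of the Automation account
        [string[]] $AssetManager = @()                    # principals approved to manage assets/access
    )
    foreach ($a in $Assignment) {
        $cap = $Capabilities[$a.RoleDefinitionName]
        # Roles outside the table (for example custom roles) are reported, not skipped.
        if (-not $cap) { $cap = @{ Runbooks = '?'; Assets = '?'; Access = '?' } }
        $privileged = ($cap.Assets -in 'Edit', '?') -or ($cap.Access -in 'Edit', '?')
        [pscustomobject]@{
            Principal = $a.SignInName
            Role      = $a.RoleDefinitionName
            Inherited = ($a.Scope -ne $AccountScope)   # granted at resource group or subscription level
            Runbooks  = $cap.Runbooks
            Assets    = $cap.Assets
            Access    = $cap.Access
            Review    = ($privileged -and ($a.SignInName -notin $AssetManager))
        }
    }
}

# Constructed sample data: placeholder subscription ID, resource group, account and users.
$sub   = '/subscriptions/00000000-0000-0000-0000-000000000000'
$rg    = "$sub/resourceGroups/rg-automation"
$scope = "$rg/providers/Microsoft.Automation/automationAccounts/aa-prod"
$sample = @(
    [pscustomobject]@{ SignInName = 'secops@example.com';  RoleDefinitionName = 'Owner';               Scope = $scope }
    [pscustomobject]@{ SignInName = 'admin@example.com';   RoleDefinitionName = 'Owner';               Scope = $sub }
    [pscustomobject]@{ SignInName = 'author1@example.com'; RoleDefinitionName = 'Contributor';         Scope = $scope }
    [pscustomobject]@{ SignInName = 'ops@example.com';     RoleDefinitionName = 'Automation Operator'; Scope = $scope }
    [pscustomobject]@{ SignInName = 'dev@example.com';     RoleDefinitionName = 'Custom Runbook Role'; Scope = $rg }
)
# With a signed-in Az session, replace the sample with live data:
#   $sample = Get-AzRoleAssignment -Scope $scope
Get-AutomationAccessFinding -Assignment $sample -AccountScope $scope -AssetManager 'secops@example.com' |
    Format-Table -AutoSize
```

Rows with `Review` set to `True` and `Inherited` set to `True` are the ones to look at first: they were granted above the Automation account and do not show up when you only inspect assignments made directly on the account.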