Azure RBAC controls access to Azure RM resources.
Roles are assignable collections of permissions.
All resources support the basic ARM permission model:
- Reader allows read-only examination of a resource's properties.
- Contributor allows reading and writing resource properties.
- Owner allows full control.
Roles can be assigned at the subscription, resource group and resource scopes, along with resource-specific or custom roles.