Microsoft released a valuable new Azure feature in December of 2021: custom security attributes. This feature is still in preview.
Custom security attributes enable organizations to define new attributes to meet their needs. These attributes can be used to store information or, more notably, implement access controls with Azure attribute-based access control (ABAC).
Azure ABAC, which is also in preview, enables an organization to define access rules based on the value of an object’s attribute. For example, you can grant access to a particular resource to all users that have the custom attribute ‘Project’ set to ‘Beta’.
Adopting Azure custom security attributes is very easy. They are available tenant-wide, can support various data types, and can be single or multi-valued. They can be applied to users, applications and managed identities.
There seem to be some limitations with implementing custom security attributes for dynamic role assignments — the only roles that seem to be able to be granted conditions to access resources so far seem to be ones that contain actions related to storage blobs.
This includes Storage Blob Data Contributor, Storage Blob Data Owner and Storage Blob Data Reader, as well as any custom roles that provide the same set of actions as those three roles.
Despite this limitation, the custom attribute functionality is a huge step forward toward making fine-grained access control available and easy to configure.
If this information is helpful to you read our blog for more interesting and useful content, tips and guildelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be asiisting you with your query.
Content curated by the team of COMPUTER 2000 on the bases of marketing materials provided by our partners/vendors.
Follow us to learn more
CONTACT US
Let’s walk through the journey of digital transformation together.