In Azure Stack Hub, you can form or invite users and groups similar to the way you do in Azure Active Directory (Azure AD). You can assign users directly, but most of the time, Microsoft prescribes gathering users in a group and assigning that group.
2. Creating Users and Groups
To create a user, navigate to Azure Active Directory in the Azure portal, and go to the User settings. Click on “New user”. Fill out the information like name, username, etc.
To create a group, again head to Azure Active Directory in Azure portal. Then go to the groups pane, click on “new group”, and complete the required information.
3. How to Assign Users and Groups in Azure Stack Hub
To assign users or groups to a role, you first need to decide if you’ll grant access at the subscription level or resource level. Once that’s decided, navigate to the portion for either User assignments or Group assignments. Click “Add”, and on the pane that pops over to the right, pick the user or group you want to assign, and then select the appropriate role.
4. Roles in Azure Stack Hub
You must be aware of two predefined roles in Azure Stack Hub – Owner and Contributor. An Owner has permissions on all resources and can delegate permissions to others. A Contributor can manage all resources, but can’t delegate permissions.
| Role | Permissions |
|---|---|
| Owner | Has permissions on all resources and can delegate permissions to others. |
| Contributor | Can manage all resources, but can’t delegate permissions. |
5. Managing the lifecycle of a user in Azure Stack Hub
For lifecycle management, Azure AD automatically signs in a user or device and handles password changes, providing credential validation for both on-premises and Azure deployments.
In conclusion, assigning users and groups in Azure Stack Hub involves creating users and groups, deciding the roles to provide for these users and groups, and finally, assigning them the roles either at the subscription level or the resource level. Understanding this functionality can go a long way in your preparation for the AZ-600 exam.
Practice Test
True or False: You can assign roles to users or groups at different levels of scope in Azure Stack Hub.
– True
– False
Answer: True
Explanation: Azure Stack Hub inherits the same Role-Based Access Control (RBAC) model as Azure. This model allows you to assign roles to users or groups at different levels of scope, such as the management group, subscription, resource group, or individual resources.
Which of the following levels of scope are available when assigning roles to users or groups in Azure Stack Hub?
– A. Subscription
– B. Management Group
– C. Resource Group
– D. All of the above
Answer: D. All of the above
Explanation: You can assign roles at different levels of scope in Azure Stack Hub, such as the management group, subscription, resource group, or individual resources.
True or False: You can assign users to groups in Azure Active Directory and then assign those groups to roles in Azure Stack Hub.
– True
– False
Answer: True
Explanation: Users can be assigned to groups in Azure AD. You can then assign those groups a role in Azure Stack Hub, giving those users the permissions associated with that role.
Which statement best describes the function of ‘Built-in roles’ in Azure Stack Hub?
– A. They specify a set of permissions for a particular resource
– B. They synchronize permissions between Azure and Azure Stack Hub
– C. They provide updated permissions on a regular basis
– D. None of the above
Answer: A. They specify a set of permissions for a particular resource
Explanation: Built-in roles in Azure Stack Hub specify a set of permissions that can be assigned to a user or group to access specific resources.
True or False: Custom roles are not supported in Azure Stack Hub.
– True
– False
Answer: False
Explanation: Azure Stack Hub does support custom roles. Azure administrators have the flexibility to define their own roles tailored to their business needs.
True or False: The same set of roles are predefined in Azure and Azure Stack Hub.
– True
– False
Answer: False
Explanation: While some roles are the same, Azure Stack Hub has a unique set of roles reflecting the differences between Azure and Azure Stack Hub.
When a user is assigned a role at the subscription level, they also gain access to __________.
– A. All resource groups and resources within that subscription
– B. Only certain resources within that subscription
– C. Only certain resource groups within that subscription
– D. None of the above
Answer: A. All resource groups and resources within that subscription
Explanation: When a user is assigned a role at the subscription level, they inherit access to all resource groups and resources within that subscription.
In Azure Stack Hub, what does Role-Based Access Control (RBAC) enable you to do?
– A. Monitor system health
– B. Implement authentication and authorization
– C. Manage system settings
– D. All of the above
Answer: B. Implement authentication and authorization
Explanation: Role-Based Access Control is a system that provides fine-grained access management of resources in Azure Stack Hub, enabling you to implement authentication and authorization.
How many levels of scope are available when assigning roles in Azure Stack Hub?
– A. 1
– B. 2
– C. 3
– D. 4
Answer: D. 4
Explanation: Azure Stack Hub supports four levels of scope for role assignment: Management Group, Subscription, Resource Group, and Resource.
True or False: Users cannot be removed from a role in Azure Stack Hub.
– True
– False
Answer: False
Explanation: Users can be added and removed from roles in Azure Stack Hub according to the business needs and security requirements.
Interview Questions
What is Azure Stack Hub?
Azure Stack Hub is a hybrid cloud platform that enables you to provide Azure services from your own datacenter. This helps to meet regulatory or technical requirements related to data location and latency.
How can you assign users to Azure Stack Hub?
Users can be assigned to Azure Stack Hub via Azure Active Directory. These users should be added to the Azure Active Directory of the Azure subscription that’s associated with Azure Stack Hub.
How can you assign roles to users in Azure Stack Hub?
Roles can be assigned to users in Azure Stack Hub using the Azure Stack Hub user portal or via the Azure Stack Hub administrator portal.
What are the key roles in Azure Stack Hub?
There are three key roles in Azure Stack Hub: the Cloud Operator who operates the cloud infrastructure, the Azure Stack Hub operator who performs daily operations, and the user or tenant who uses the services.
Is it possible to assign a group in Azure Stack Hub?
Yes, groups can be assigned in Azure Stack Hub. You would need to create the group in Azure Active Directory and then you can assign it to the services in Azure Stack Hub.
What is the purpose of delegating providers in Azure Stack Hub?
Delegated providers in Azure Stack Hub enable service administrators to delegate specific regions and offers to other service administrators. This allows for fine-grained control and admin delegation.
Can we use Azure Active Directory B2C with Azure Stack Hub?
No, Azure Active Directory B2C is not supported with Azure Stack Hub.
How can I customize identity providers in Azure Stack Hub?
Azure Stack Hub supports the customization of identity providers via federation with Azure Active Directory. This can be achieved by setting the correct federation settings in the Azure Stack Hub administration portal.
Can Azure Stack Hub be integrated with on-premises Active Directory?
Yes, Azure Stack Hub can be integrated with on-premises Active Directory by setting up an Active Directory Federation Services (ADFS) federation.
Does Azure Stack Hub support multi-factor authentication?
Yes, Azure Stack Hub supports multi-factor authentication when integrated with Azure Active Directory.
What is the use of Role-Based Access Control (RBAC) in Azure Stack Hub?
RBAC in Azure Stack Hub helps manage who has access to Azure resources, what they can do with these resources, and what areas they have access to. RBAC is the system that assigns and enforces who has what permissions in Azure Stack Hub.
What happens if a user is removed from Azure Active Directory, who was also a user in Azure Stack Hub?
If a user is removed from Azure Active Directory, their access to Azure Stack Hub is also revoked as Azure Stack Hub relies on Azure Active Directory for authentication.
What are plans and offers in Azure Stack Hub?
In Azure Stack Hub, offers contain one or more plans, and each plan consists of one or more services. Service administrators create offers, and users subscribe to these offers.
Can Azure Stack Hub be integrated with external systems for identity management?
Yes, Azure Stack Hub can be integrated with external systems like Active Directory through ADFS and Azure Active Directory.
What is the role of a Tenant in Azure Stack Hub?
A Tenant in Azure Stack Hub is an end user who accesses the services offered by the cloud. Tenants can create and manage resources based on the offers to which they have subscribed.
extutorials.com