Managing Access and Roles in ADF

Learn about access control in ADF, including user, group, role, and permission management, using Azure Portal and Azure CLI.

Azure Data Factory (ADF) does not ship its own identity system; it relies on the platform-wide Azure controls to decide who may read, change, run, or delete its pipelines, linked services, and the credentials they carry. Because a factory can reach many data stores, restricting who can act on it and what they can see is central to protecting sensitive data. Here we'll explore the methods available for managing access and roles in Azure Data Factory.

Azure IAM services

Azure Identity and Access Management (IAM) is not a single product but the umbrella term for the Azure features that centrally manage users, groups, and permissions across all Azure services. Access to an Azure resource is controlled by defining security principals (users, groups, service principals, and managed identities) and assigning them roles, at a chosen scope, that grant specific permissions on that resource.

The following are the different IAM services offered by Azure:

  1. Azure Active Directory (AAD, since renamed Microsoft Entra ID): This is the identity and access management service that provides authentication and authorization for applications and services running in Azure. It is used to manage user identities, secure access to applications and services, and provide single sign-on across multiple applications. To let an application authenticate to Azure Data Factory, we first register an Azure AD application, which creates a service principal in the tenant; the service principal represents the application and is the identity that authenticates to ADF. We then use RBAC to assign roles to that service principal, or to users and groups, at the factory's scope. Where the caller is itself an Azure resource, a managed identity (ADF has a system-assigned one) avoids storing a client secret at all.

  2. Role-based access control (RBAC): This provides access management for Azure resources. It allows us to assign permissions to users, groups, and applications at different scopes (management group, subscription, resource group, or an individual resource such as one factory) based on built-in roles, for example Data Factory Contributor or Reader, or custom roles. Assignments inherit downward, so a role granted at the subscription level applies to every factory beneath it; assigning at the narrowest scope that works is how least privilege is kept.

  3. Azure Resource Manager (ARM): This is the management service that provides a unified API for deploying and managing Azure resources. Every control-plane request for a factory, whether it comes from the portal, the CLI, or an ARM template, passes through ARM, and ARM is where RBAC assignments and resource locks are evaluated before the request reaches the Data Factory service.

  4. Azure Policy: This is a service that provides governance for Azure resources. It allows us to create, assign, and manage policies that enforce rules and standards for resources. We can use policies to enforce compliance, security, and management of resources across Azure.

  5. Conditional Access: This is a feature of Azure AD (Microsoft Entra ID), not a separate Azure service, that provides policy-based control over sign-in. It allows us to set conditions that must be met before a user's sign-in is accepted, such as requiring multi-factor authentication, a compliant device, or a trusted network location. Because it acts at sign-in rather than on individual resources, it complements RBAC: RBAC decides what an identity may do, Conditional Access decides under what circumstances that identity may authenticate in the first place.

  6. Azure Security Center (since renamed Microsoft Defender for Cloud): This is a unified security management service that provides advanced threat protection across Azure workloads. It provides security recommendations, threat detection, and analytics to help identify and mitigate security threats, including flagging over-broad role assignments.

  7. Resource locks: These are another important tool for protecting a data factory. Resource locks prevent accidental deletion or modification of critical resources, independently of what RBAC would otherwise allow. Locks are a guard against mistakes, not against a determined insider: anyone holding the Microsoft.Authorization/locks/* permission (Owner or User Access Administrator at that scope) can remove a lock and then proceed. There are two lock levels:

    1. Delete (CanNotDelete): This lock prevents users from deleting the locked resource; it can still be modified.

    2. Read-only (ReadOnly): This lock prevents users from modifying or deleting the locked resource. On a factory this blocks every control-plane write, so pipeline definitions cannot be changed until the lock is removed.
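The service-principal and RBAC steps described under Azure Active Directory, together with the resource locks above, as one Azure CLI script. This is an added example, not code from the original page or from Microsoft: the subscription ID, resource group, factory name, principal names, and lock names are placeholders, and the script only prints the `az` commands unless `AZ_APPLY=1` is set, so it can be reviewed before anything in the tenant changes. Running it for real assumes a prior `az login` by an identity holding Owner or User Access Administrator at the factory's scope.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): least-privilege RBAC on a single
# Data Factory, a service principal scoped to it, and a resource lock, via Azure CLI.
# Every name below is a placeholder assumption.
set -euo pipefail

# Print the command unless AZ_APPLY=1, so the exact invocations can be reviewed
# (and run offline) before they are executed against the tenant.
run() {
  if [ "${AZ_APPLY:-}" = "1" ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

# ARM resource ID of one factory: the narrowest scope an assignment can have,
# which is what stops a role from spilling over the whole resource group.
adf_scope() {
  local sub="$1" rg="$2" factory="$3"
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.DataFactory/factories/%s' \
    "$sub" "$rg" "$factory"
}

# Register an application, create its service principal, and assign the role at
# factory scope in one step. The output contains a client secret: capture it into
# a secret store, never into a log or a pipeline definition.
create_adf_sp() {
  local name="$1" role="$2" scope="$3"
  run az ad sp create-for-rbac --name "$name" --role "$role" --scopes "$scope"
}

# Assign a built-in role to a user UPN, group object ID, or service-principal
# app ID, at factory scope only.
grant_adf_role() {
  local assignee="$1" role="$2" scope="$3"
  run az role assignment create --assignee "$assignee" --role "$role" --scope "$scope" --output none
}

# Lock the factory. CanNotDelete blocks deletion only; ReadOnly also blocks every
# control-plane write. Anything else is rejected before az is even called.
lock_adf() {
  local rg="$1" factory="$2" level="$3"
  case "$level" in
    CanNotDelete|ReadOnly) ;;
    *) echo "lock level must be CanNotDelete or ReadOnly, got: $level" >&2; return 1 ;;
  esac
  run az lock create --name "adf-${level}" --lock-type "$level" \
    --resource-group "$rg" --resource "$factory" \
    --resource-type Microsoft.DataFactory/factories
}

# Show what is effective at the factory, including assignments inherited from
# the resource group and subscription; inherited Owner/Contributor is the usual
# reason a "tightly scoped" factory is wider open than its direct assignments suggest.
list_adf_access() {
  local scope="$1"
  run az role assignment list --scope "$scope" --include-inherited \
    --query '[].{principal:principalName,role:roleDefinitionName,scope:scope}' --output table
}

main() {
  local scope
  scope=$(adf_scope "00000000-0000-0000-0000-000000000000" "rg-data" "adf-prod")
  create_adf_sp "sp-adf-prod-deploy" "Data Factory Contributor" "$scope"
  grant_adf_role "etl-operators@contoso.com" "Data Factory Contributor" "$scope"
  grant_adf_role "auditors@contoso.com" "Reader" "$scope"
  lock_adf "rg-data" "adf-prod" "CanNotDelete"
  list_adf_access "$scope"
}

main "$@"
```

Note that `Data Factory Contributor` lets a principal create and edit linked services, which means it can point the factory at a store of its choosing and read whatever the factory's identity can reach; treat it as a privileged role, and keep Reader for anyone who only needs to inspect pipelines.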
