This document defines an enterprise-ready RBAC (Role-Based Access Control) model for Azure AI Landing Zone. It covers personas, environments, role mappings across AI/data/hosting/security services, custom roles, automation identities, governance guardrails, and operational workflows. The model follows Least Privilege, Segregation of Duties (SoD), and Environment-Aware Access principles.
Governance Principles
Least Privilege: Grant only the permissions required for each role.
Segregation of Duties (SoD): Separate responsibilities for build, deploy, operate, and secure...
Updated Sep 25, 2025
Version 1.0
Madhur_Shukla
Microsoft
Microsoft