best practice
3 Topics

Azure RBAC Custom Role Best Practices or Common Build Patterns
As a platform admin, I want to grant application admins Contributor access while removing their ability to write or delete most Microsoft.Network resource types, with a few exceptions such as Private Endpoints, Network Interfaces, and Application Gateways.

Based on the effective control plane permissions logic, we designed two custom roles. The first role is a duplicate of the Contributor role, but with Microsoft.Network/*/Write and Microsoft.Network/*/Delete added to notActions. The second role adds back specific Microsoft.Network operations using wildcarded resource types, such as Microsoft.Network/networkInterfaces/*.

Application Admin Effective Permissions = Role 1 (Contributor - Microsoft.Network) + Role 2 (for example, Microsoft.Network/networkInterfaces/*, Microsoft.Network/networkSecurityGroups/*, Microsoft.Network/applicationGateways/write, etc.)

I understand that Microsoft RBAC best practices recommend avoiding wildcard (*) operations. However, my team has found that building roles with individual operations is extremely tedious and time-consuming, especially when trying to understand the impact of each operation. Does anyone have suggestions for a simpler or more maintainable pattern for implementing this type of custom RBAC design?

83 Views, 1 like, 2 Comments

Best practice and the approach for application migration to cloud?
I am seeking guidance and insights regarding cloud migration and adoption strategies from a senior Enterprise Architect or Solutions Architect at a high level. An existing business application is running in the on-premises Data Centre. Which major considerations and approaches would you take if you migrated the application to the public cloud (Azure)? How can we ensure it is well-architected and meets business requirements? Any assistance or recommendations you could provide would be immensely appreciated.

2.6K Views, 0 likes, 6 Comments

Enriching stream data by reference data in stream analytics task
I have a task of streaming client actions. I need to add some fields from the client reference. Clients are stored in Synapse. I see that reference data is added via a file or Azure SQL in the streaming task. What's the best way to do it, via a file or a database? How do I create / update a file / table? Using the Data Factory on the trigger to insert a new client into the Synapse?

730 Views, 0 likes, 0 Comments