Data Platform Tips 73 - Protecting Stream Analytics jobs

Most Azure services, including Stream Analytics, are managed by the Azure Resource Manager (ARM) API. This API includes how users and groups are granted access to interact with services, called Access Control (IAM). Role-Based Access Control (RBAC) is used to grant access to ARM resources.

Three main RBAC roles are

• Owner - Provides access to manage everything about the resource, including access.
• Contributor - Provides access to manage everything about the resource except for access.
• Reader - Provides access to view all information about the resource, but not change anything.

Other roles include

• Log analytics contributor - Provides access to read all monitoring data and edit monitoring settings, including settings for Azure Log Analytics and Diagnostics.
• Log analytics reader - Provides access to read all monitoring data, including settings for Azure Log Analytics and Diagnostics.
• Monitoring Contributor - Provides access to read all monitoring data and edit monitoring settings.
• Monitoring Reader - Provides access to read all monitoring data.
• User access Administrator - Provides access to manage user and group access to the resource.