Role Based Access Control
Role-based access control for both the Admin Site and the Tenant Site. A Microsoft Azure configuration might then also become a possibility where there is a single portal (Admin and Tenant merged) where the permissions are enforced through RBAC.
Azure Stack as a product will support RBAC capabilities just like Azure. To clarify, it will not be coming as a feature in our in-market Azure Pack.
Andreas Ramseier commented
Please add SMA also to the RBAC of the Azure Stack.
Why do you mention Azure Stack? Is RBAC support planned for Azure Pack? We want granular permissions for the co-admin feature (we tried TAC4WAP but it has too many flaws).
Our customer is asking for it to be able to assign features to their power users based on their roles and to be able to deactivate the quick create button from the tenant portal for some users.
Jan Bogdanovich commented
Could you make RBAC the same as in the new Azure Portal, based on Resource Groups?
This is something that our customers are asking for. They want to delegate different tasks to their sysadmin teams and make sure that duties are separated.
Steve Syfuhs commented
I would also recommend considering CBAC (Claims-based) so that would give admins more room to configure permissions. Roles are very limiting from an authz perspective and can make things overly complicated in some scenarios. With CBAC, admins can still configure based on roles, but a role would simply be a claim, and the authz decision would be on the presence of the claim not on membership in the role. This would let admins configure more advanced or granular rules for things like policy-based decisions at the STS (ADFS or 3rd party). E.g. blocking resource creation/deletion from all IP ranges but abc-xyz by having the STS output a given claim when the user is connecting from a PC on a given subnet.
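The claims-based decision described in the comment above, sketched as an added example that is not part of the original comment or of any Microsoft product code. The claim types, the subnet (standing in for the "abc-xyz" range) and the policy table are assumptions constructed for illustration.

```python
import ipaddress

# Constructed placeholder for the trusted range the comment calls "abc-xyz".
TRUSTED_SUBNET = ipaddress.ip_network("10.20.0.0/24")

def sts_issue_claims(user, roles, client_ip):
    """Toy STS: each role becomes a claim; a network claim is added
    only when the client connects from the trusted subnet."""
    claims = {("name", user)}
    claims |= {("role", r) for r in roles}
    if ipaddress.ip_address(client_ip) in TRUSTED_SUBNET:
        claims.add(("network", "trusted"))
    return frozenset(claims)

# Relying-party policy (hypothetical action names): every listed claim
# must be present. A role is just one claim among others.
POLICY = {
    "vm:read":   {("role", "tenant-admin")},
    "vm:create": {("role", "tenant-admin"), ("network", "trusted")},
    "vm:delete": {("role", "tenant-admin"), ("network", "trusted")},
}

def authorize(claims, action):
    """Decide on the presence of claims, not on role membership lookups."""
    required = POLICY.get(action)
    if required is None:          # unknown action: default deny
        return False
    return required <= claims     # all required claims present

def demo():
    """Same user and role, two network locations (constructed sample IPs)."""
    inside = sts_issue_claims("alice", ["tenant-admin"], "10.20.0.15")
    outside = sts_issue_claims("alice", ["tenant-admin"], "203.0.113.9")
    return {
        "inside_create": authorize(inside, "vm:create"),
        "outside_create": authorize(outside, "vm:create"),
        "outside_delete": authorize(outside, "vm:delete"),
        "outside_read": authorize(outside, "vm:read"),
        "unknown_action": authorize(inside, "vm:resize"),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allow' if allowed else 'deny'}")
```

The role claim alone still permits reads from anywhere, while create and delete additionally require the network claim that only the STS can issue.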