Azure RBAC is now the recommended authorization system for the Azure Key Vault data plane.
Azure RBAC is built on Azure Resource Manager and provides fine-grained access management of Azure resources. With Azure RBAC you control access to resources by creating role assignments, which consist of three elements: a security principal, a role definition (predefined set of permissions), and a scope (group of resources or individual resource).
Azure RBAC offers several advantages over access policies:
- A unified access control model for Azure resources – it uses the same API across Azure services
- Centralized access management for administrators – manage all Azure resources in one view
- Integration with Privileged Identity Management for time-based access control
- Deny assignments – ability to exclude security principals at a particular scope
- More stringent permissions – managing access for users and service principals requires Owner or User Access Administrator roles
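The role assignment model described above (security principal, role definition, scope) and the precedence of deny assignments, as a simplified Python model added here for illustration; it is not Azure's implementation or Microsoft's code. The role definitions are trimmed to a few data actions, group membership is not expanded, and the principals, subscription ID and vault names are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

GET = "Microsoft.KeyVault/vaults/secrets/getSecret/action"
SET = "Microsoft.KeyVault/vaults/secrets/setSecret/action"
# Trimmed role definitions (assumption: only the data actions used below).
ROLES = {
    "Key Vault Secrets User": [GET],
    "Key Vault Secrets Officer": ["Microsoft.KeyVault/vaults/secrets/*"],
}

@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # security principal
    role: str       # role definition name
    scope: str      # ARM resource ID the assignment is made at

@dataclass(frozen=True)
class DenyAssignment:
    principal: str
    data_action: str  # action pattern that is denied
    scope: str

def in_scope(scope, resource):
    """A scope covers itself and everything below it in the resource hierarchy."""
    s, r = scope.rstrip("/").lower(), resource.rstrip("/").lower()
    return r == s or r.startswith(s + "/")  # "/" stops kv-app matching kv-app2

def matches(pattern, action):
    return fnmatchcase(action.lower(), pattern.lower())

def is_allowed(principal, data_action, resource, assignments, denies=()):
    # A matching deny assignment wins over any role assignment.
    for d in denies:
        if (d.principal == principal and in_scope(d.scope, resource)
                and matches(d.data_action, data_action)):
            return False
    # Role assignments are additive: one matching grant is enough.
    return any(
        a.principal == principal and in_scope(a.scope, resource)
        and any(matches(p, data_action) for p in ROLES.get(a.role, []))
        for a in assignments)

# Constructed sample data.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"
VAULT_A = RG + "/providers/Microsoft.KeyVault/vaults/kv-app"
VAULT_B = RG + "/providers/Microsoft.KeyVault/vaults/kv-payments"
ASSIGNMENTS = [RoleAssignment("app-sp", "Key Vault Secrets User", VAULT_A),
               RoleAssignment("ops-group", "Key Vault Secrets Officer", RG)]
DENIES = [DenyAssignment("ops-group", "Microsoft.KeyVault/vaults/secrets/*", VAULT_B)]
```

In this sample, `ops-group` inherits write access to `kv-app` from the resource group assignment, while the deny assignment scoped to `kv-payments` blocks the same principal there.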
For more information, see "Azure role-based access control (Azure RBAC) vs. access policies" on Microsoft Learn.