Secure access to assets and asset endpoints
Assets and asset endpoints in Azure IoT Operations have representations in both the Kubernetes cluster and the Azure portal. You can use Azure role-based access control (Azure RBAC) to secure access to these resources. Azure RBAC is an authorization system that enables you to manage access to Azure resources. You can use Azure RBAC to grant permissions to users, groups, and applications at a certain scope.
OT users can use the operations experience to create and manage assets and asset endpoints. IT administrators can use the Azure portal or the Azure CLI to manage access to these resources.
This article describes how to use the Azure portal and the Azure CLI to configure Azure RBAC on assets and asset endpoints.
Prerequisites
To configure Azure RBAC on assets and asset endpoints, you need access to the Azure subscription where Azure IoT Operations is deployed.
Configure Azure RBAC on assets and asset endpoints
The Azure resources that represent assets and asset endpoints are created in the Azure subscription where Azure IoT Operations is deployed. You can view these resources in the Azure portal and configure Azure RBAC on them. By default, asset endpoint resources are hidden in the Azure portal. To view asset endpoint resources, enable the Show hidden types option in the Azure portal. The following screenshot shows the thermostat asset and op-cua-connector-0 asset endpoint from the quickstarts:
To configure access to an asset or asset endpoint in the Azure portal, select the resource and then select Access control (IAM):
To learn how to configure Azure RBAC on Azure resources such as assets and asset endpoints, see "What is Azure role-based access control?"
You can also use the following tools to configure RBAC on your resources:
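With the Azure CLI, a role can be granted at the scope of one asset or one asset endpoint instead of the whole resource group. The following is an added example, not code from the original article. It assumes the resources are of type Microsoft.DeviceRegistry/assets and Microsoft.DeviceRegistry/assetEndpointProfiles; the function names, subscription ID, resource group and assignee are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example: scope Azure RBAC to a single asset or asset endpoint.
# Assumption: resource types Microsoft.DeviceRegistry/assets and
# Microsoft.DeviceRegistry/assetEndpointProfiles. Helper names are hypothetical.

# Build the resource ID used as the role assignment scope.
# Args: subscription-id resource-group kind(asset|endpoint) resource-name
resource_scope() {
  case "$3" in
    asset)    rs_type="assets" ;;
    endpoint) rs_type="assetEndpointProfiles" ;;
    *) echo "unknown kind: $3 (use asset or endpoint)" >&2; return 1 ;;
  esac
  # Refuse empty names or names containing "/": either would change the
  # scope the role is granted on (for example, widen it to a parent).
  case "$4" in
    ""|*/*) echo "invalid resource name: '$4'" >&2; return 1 ;;
  esac
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.DeviceRegistry/%s/%s\n' \
    "$1" "$2" "$rs_type" "$4"
}

# Grant a role on exactly one asset or asset endpoint.
# Args: assignee role subscription-id resource-group kind resource-name
grant_role() {
  gr_scope=$(resource_scope "$3" "$4" "$5" "$6") || return 1
  az role assignment create --assignee "$1" --role "$2" --scope "$gr_scope"
}

# List who has access to the resource, including assignments inherited
# from the resource group or subscription.
# Args: subscription-id resource-group kind resource-name
audit_access() {
  aa_scope=$(resource_scope "$1" "$2" "$3" "$4") || return 1
  az role assignment list --scope "$aa_scope" --include-inherited --output table
}

# Usage (placeholder values; thermostat and op-cua-connector-0 are the
# quickstart resources named in this article):
#   grant_role ot-user@example.com Reader <subscription-id> <resource-group> asset thermostat
#   audit_access <subscription-id> <resource-group> endpoint op-cua-connector-0
```

Run `audit_access` after each change: an inherited assignment at the resource group or subscription level still grants access even when nothing is assigned on the asset itself.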