Azure Role-Based Access Control (RBAC) allows you to manage access to Azure resources by assigning roles to users, groups, and applications.

![](https://learn.microsoft.com/en-us/training/wwl-azure/design-governance/media/role-based-access-control-flowchart.png)

- **Key Features:**
  - **Role Assignments:** Grant specific permissions to users, groups, or applications.
  - **Scope Levels:** Assign roles at different levels such as management groups, subscriptions, resource groups, and resources.
  - **Least Privilege Principle:** Grant users the minimum permissions they need to perform their tasks.
  - **Custom Roles:** Create custom roles if built-in roles do not meet specific needs.
  - **Additive Model:** Effective permissions are the sum of all role assignments.
- **Design Considerations:**
  - **Role Definitions:** Clearly define each role and its permissions.
  - **Group Assignments:** Assign roles to groups rather than individual users for easier management.
  - **Policy Integration:** Use Azure policies alongside RBAC for effective access control.
  - **Overlapping Roles:** Be aware of overlapping role assignments and their cumulative effect.

![](https://learn.microsoft.com/en-us/training/wwl-azure/design-governance/media/scope-role-matrix.png)
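The additive model and the overlapping-roles consideration above can be checked mechanically. The following is an added example, not code from the original page or from Microsoft: it lists which roles grant an action at a scope when a principal's group assignments overlap. The role definitions are simplified and constructed, the group names, subscription ID and scopes are placeholders, and management-group scopes and deny assignments are left out.

```python
from fnmatch import fnmatchcase

# Simplified, constructed role definitions (not the complete built-in definitions).
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/write",
                                    "Microsoft.Authorization/*/delete"]},
    "VM Operator (custom)": {
        "actions": ["Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/virtualMachines/restart/action"],
        "not_actions": []},
}

# Constructed placeholder scopes: subscription > resource group > resource.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"

# Constructed assignments: (principal, role, scope). Roles go to groups, not users.
ASSIGNMENTS = [
    ("grp-ops", "Reader", SUB),
    ("grp-ops", "VM Operator (custom)", RG),
    ("grp-dev", "Contributor", RG),
]

def in_scope(assignment_scope, target):
    """An assignment applies at its own scope and is inherited by child scopes."""
    a, t = assignment_scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def matches(action, patterns):
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def role_allows(role, action):
    """Within one role: Actions minus NotActions. NotActions is not a deny,
    so another assignment can still grant the same action."""
    d = ROLES[role]
    return matches(action, d["actions"]) and not matches(action, d["not_actions"])

def granting_roles(principals, action, target):
    """Roles that grant `action` at `target` for a user's principals (user + groups).
    Any non-empty result means access, because assignments are additive."""
    return sorted({role for p, role, scope in ASSIGNMENTS
                   if p in principals and in_scope(scope, target)
                   and role_allows(role, action)})

if __name__ == "__main__":
    user = {"grp-ops", "grp-dev"}  # one user in both groups: overlapping roles
    for act in ("Microsoft.Compute/virtualMachines/read",
                "Microsoft.Compute/virtualMachines/delete"):
        print(act, "->", granting_roles(user, act, VM))
```

An action granted by more than one role is the overlap to review: removing a single assignment will not revoke it.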