Final answer:
To view logs for Azure RBAC, access the Azure Activity Log in the Azure Portal, filter the log by 'Administrative' in the Category filter, and look for RBAC-related operations. You can also export logs for analysis and set up alerts for real-time RBAC event notifications.
Step-by-step explanation:
To view logs for Azure RBAC (Role-Based Access Control), you'll typically use the Azure Activity Log, which maintains records of all provisioning and operational activities carried out in Azure resources, including those related to RBAC. Here's how to access and view these logs:
- Navigate to the Azure Portal at portal.azure.com.
- Go to the Azure Activity Log by searching for 'Activity Log' in the search bar or by finding it through the Monitor service.
- Once in the Activity Log, filter the view by the desired time range, resource group, resource type, or other specific criteria.
- To specifically view RBAC-related activities, you can use the 'Category' filter and select 'Administrative' to see actions that include changes in access permissions.
- If you want to view log entries related to role assignments or changes, you can further filter by the 'Operation' or look for operations like 'Microsoft.Authorization/roleAssignments/write' or 'Microsoft.Authorization/roleAssignments/delete'.
- Additionally, you can export the logs to a storage account, Event Hubs, or log analytics workspace for long-term retention, further analysis, or integration with third-party SIEM tools.
In addition to manual viewing, you can also set up alerts for specific RBAC-related events, allowing for real-time notifications when such activities occur.