Azure Role Based Access Control

Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Security principal (who). An object that represents something that is requesting access to resources. Examples: user, group, service principal, managed identity
Role definition (what). Collection of permissions that lists the operations that can be performed. Examples: Reader, Contributor, Owner, User Access Administrator
Scope (where). Boundary for the level of access that is requested. Examples: management group, subscription, resource group, resource
Assignment. Attaching a role definition to a security principal at a particular scope. Users can grant access described in a role definition by creating an assignment. Deny assignments are currently read-only and can only be set by Azure.

You want the external team to collaborate with the internal developer team in a process that’s easy and secure. With Azure Active Directory (Azure AD) business-to-business (B2B), you can add people from other companies to your Azure AD tenant as guest users.

Why use Azure AD B2B instead of the federation?
With Azure AD B2B, you don’t take on the responsibility of managing and authenticating the credentials and identities of partners. Giving access to external users is much easier than in a federation. You don’t need an AD administrator to create and manage external user accounts.