{"id":"entra-identity-to-authorization-chain","text":"Azure identity-to-authorization follows a two-stage chain with distinct lifecycle and evaluation models: Entra provides identity through either a two-object app/service-principal model (manual lifecycle) or managed identities (auto-lifecycle tied to resource), then RBAC provides authorization through additive union of all role assignments evaluated against ARM scope hierarchy — identity type determines lifecycle complexity while role assignment scope determines access breadth.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"entra-identity-to-authorization-chain","truth_value":"IN","reason":"premise"}]}}