Saturday, September 28, 2019

Add or change Azure subscription administrators

To manage access to Azure resources, you must have the appropriate administrator role. Azure has an authorization system called role-based access control (RBAC) with several built-in roles you can choose from. You can assign these roles at different scopes, such as management group, subscription, or resource group. By default, the person who creates a new Azure subscription can assign other users administrative access to a subscription.
This article describes how add or change the administrator role for a user using RBAC at the subscription scope.
Microsoft recommends that you manage access to resources using RBAC. However, if you are still using the classic deployment model and managing the classic resources by using Azure Service Management PowerShell Module, you'll need to use a classic administrator.
 Tip
If you only use the Azure portal to manage the classic resources, you don't need to use the classic administrator.

Assign a subscription administrator

To make a user an administrator of an Azure subscription, an existing administrator assigns them the Owner role (an RBAC role) at the subscription scope. The Owner role gives the user full access to all resources in the subscription, including the right to delegate access to others. These steps are the same as any other role assignment.
If you're not sure who the account administrator is for a subscription, use the following steps to find out.
  1. Open the Subscriptions page in the Azure portal.
  2. Select the subscription you want to check, and then look under Settings.
  3. Select Properties. The account administrator of the subscription is displayed in the Account Admin box.

To assign a user as an administrator

  1. Sign in to the Azure portal as the subscription owner and open Subscriptions.
  2. Click the subscription where you want to grant access.
  3. Click Access control (IAM).
  4. Click the Role assignments tab to view all the role assignments for this subscription.
    Screenshot that shows role assignments
  5. Click Add > Add role assignment to open the Add role assignment pane.
    If you don't have permissions to assign roles, the option will be disabled.
  6. In the Role drop-down list, select the Owner role.
  7. In the Select list, select a user. If you don't see the user in the list, you can type in the Select box to search the directory for display names and email addresses.
    Screenshot that shows the Owner role selected
  8. Click Save to assign the role.
    After a few moments, the user is assigned the Owner role at the subscription scope.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Lab 09: Publish and subscribe to Event Grid events

  Microsoft Azure user interface Given the dynamic nature of Microsoft cloud tools, you might experience Azure UI changes that occur after t...

  • ASP.NET MVC 5 - Import/Export CSV File
    Import/export of any file type is the basic need of any development environment whether web development, desktop development or applicatio...
  • SQLite Syntax
    Here we will learn some of basic sqlite syntaxes with examples and set of rules to use tables, comments, naming conventions, reserve keywo...
  • What is JIRA Workflow
    Workflow is a set of activities which are performed to track the status and the transition of an issue during the lifecycle of an issue. ...