![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 65%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHW%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
808 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
There is no public documentation for steps which includes steps on how to migrate to RBAC from classic administrators.Because RBAC is the recommended way to manage access to Azure resources, and it provides more granular control over permissions than the classic administrator roles.
In RBAC there is only have one owner role and one contributor role on subscription level. These roles are highest privileged role in RBAC on the subscription level. Other built-in roles are used to handle other resources like, VM's, storage etc.
Depending on what access you need, specific permissions are defined RBAC roles.
However, you can follow below steps to migrate from classic administrators to RBAC,
- Login to Azure portal with admin account that you always use.
- First find out how many classic administrators account are assigned for your subscription.
- Use the Azure portal to get a list of your Co-Administrators.
- If you have any service administrators then you can assigned then Owner role in RBAC.
Below are highest privileged roles in RBAC,
- Search for subscription in search bar on Azure portal.
- Access your subscription and click on the specific subscription under which you want to perform migration.
- Click on Access control (IAM) blade on the left pane.
- Click on "Add" and then click on "Add role assignment".
- Now click on "Privileged administrator roles" tab.
- Select "Owner" role from the list and click next.
- In the next tab you can select user to whom you want to assign the "Owner" role. (You can make any user account as owner, using which you will login to Azure portal with full access on Azure)
- In the next page select the 3rd Option "Allow users to assign all roles".
- Click next and follow the instructions on screen.
This way you can migrate from classic administrators to RBAC.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.