Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
708 questions
1 answer
If I were to use Azure AD instead, is it possible that I can create a group of users, and within the group, different users gain access to different resources (yes/no)? If yes, how?
If I were to use Azure AD instead, is it possible that I can create a group of users, and within the group, different users gain access to different resources (yes/no)? If yes, how?
asked 2021-03-19T03:46:36.057+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 91%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYJ%3C/text%3E%3C/svg%3E)
Yeap Jie Zhi Mark
141
Reputation points
commented 2021-03-25T15:38:43.71+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
What role can be assigned to my app to regenerate cosmos db keys.?
i want to regenerate cosmos key using post request .like this{ https://video2.skills-academy.com/en-us/rest/api/cosmos-db-resource-provider/2020-06-01-preview/databaseaccounts/regeneratekey} but i cant find a proper role to assign to my app so it can get…
asked 2021-03-08T16:33:28.657+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 2%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Tushar
1
Reputation point
answered 2021-03-24T19:58:46.83+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
36,141
Reputation points Microsoft Employee
1 answer
See all the things
Is there a role in Azure that allows me to see EVERYTHING from the root of our Azure environment all the way down to the individual resources (i.e VMs, WAFs, WAF Logs, every single setting on networks, etc) for every subscription that has been created…
asked 2021-03-23T19:59:43.063+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 97%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Michael A Wade
1
Reputation point
commented 2021-03-24T15:19:26.553+00:00
Michael A Wade
1
Reputation point
2 answers
One of the answers was accepted by the question author.
What do you mean by "one user to manage VMs and another user to manage VMs."?
In RBAC, what do you mean by "Allow one user to manage VMs and another user to manage virtual networks."? Are these separated?
asked 2021-03-22T08:15:59.16+00:00
Yeap Jie Zhi Mark
141
Reputation points
answered 2021-03-22T09:01:07.877+00:00
Yeap Jie Zhi Mark
141
Reputation points
3 answers
One of the answers was accepted by the question author.
Permission to run Synapse Spark pool
I have a role as Contributor in a Synapse Analytics workspace. I add a new Notebook (only 1 cell), but when I try to run it I get the error: Failed to start session:…
asked 2021-03-04T20:16:18.02+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 84%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Johnny Humphrey
186
Reputation points
commented 2021-03-18T15:16:50.417+00:00
Johnny Humphrey
186
Reputation points
1 answer
RBAC Automation with Powershell
I am looking to see if anyone has a script that uses excel spreadsheet contents to assign roles to user accounts within Azure AD rather than adding the roles one at a time. Ideally, the spreadsheet would have a list of the usernames and the roles to…
asked 2021-03-12T16:00:26.297+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 97%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sean Murphy
1
Reputation point
answered 2021-03-12T21:01:43.307+00:00
Marilee Turscak-MSFT
36,141
Reputation points Microsoft Employee
1 answer
Contributor Access to Subscription and Resource Group
Hi, Can you please refer me to the Microsoft documents that clearly spell out:\ 1. With Contributor access to Subscription - what the user Not able to do? 2. With Contributor access to Resource Group - what the user Not able to do? Thanks
asked 2021-03-08T01:43:05.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 21%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Ming
6
Reputation points
answered 2021-03-08T08:29:16.763+00:00
Vaibhav Chaudhari
38,676
Reputation points
1 answer
Subscription - Contributor Access
Hi, With contributor access on Subscription-level (i.e. Sub A), is a user able able to create (sub) subscription within that Subscription (Sub A)? Thanks
asked 2021-03-08T07:54:43.933+00:00
Ming
6
Reputation points
answered 2021-03-08T08:00:31.87+00:00
Vaibhav Chaudhari
38,676
Reputation points
1 answer
Resolve directory users that Azure ClassicAdministrators
I'm trying to list all the permissions of users in an Azure subscription using Microsoft.Authorization API and I faced an issue with the ClassicAdministrators API. The API returns the user's email address and PUID and since the email is not reliable…
asked 2021-03-01T10:52:17.287+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
commented 2021-03-08T07:54:37.863+00:00
Anonymous
2 answers
One of the answers was accepted by the question author.
Azure RBaC
Hello I have given say user A OWNER access at the management group level. It means anything below such as subscription - resource group etc user A will have access beacuse of Parent-Child relationship. My question is it possible to restrict access of…
10 answers
Storage Gen2 API in Postman
Hi , I am new to Azure Portal and would like to use the Azure Gen2 API to create the files on storage. I have been able to generate the access token in Postman - [https://login.microsoftonline.com/]()<tenant id>/oauth2/v2.0/token I now have access…
asked 2020-12-23T23:58:09.51+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 31%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Shiv Khullar
1
Reputation point
answered 2021-03-05T12:32:26.663+00:00
Sumarigo-MSFT
44,906
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
What could be the best role in my case?
I need to be in a role where I can join VMs to the domain and nothing else. Is there such a role or something similar? It seems like the management wants to minimize the privileges as much as possible. There are just too many roles in the list, I am not…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 25%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
1 answer
RBAC in PHP application(hosted as Azure App Service)
Hello Team, We are assessing on prem PHP application to move to Azure App service. Currently we have implemented folder based permission for Authorization flow in the application, where we create groups in AD, add users to it & provide permission…
asked 2021-02-08T04:51:40.943+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 33%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Soni
291
Reputation points Microsoft Employee
commented 2021-02-26T13:50:59.967+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
VipulSparsh-MSFT
16,251
Reputation points Microsoft Employee
1 answer
How to give different permission to different Resource Group automatically based on some RG naming convention in Azure
Hi, I am creating different Resource Group like (rg-dev-department, rg-test-department) in one subscription. I want to give different permission to different users based on resource group name like contributor permission to DEV RG and reader…
asked 2021-02-22T13:53:51.987+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 51%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
sachin sangal
1
Reputation point
commented 2021-02-24T17:16:25.063+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
Need some Expert advice to understand how is Contrubitor permissions inferior to Admin
We have a project where it needs VM's, AKS, Casandra, APIs and postgre. the project owner needs to keep the admin role. And is offering a contributor access to access this corporate set up for Azure. While i reviewed the documentation and understand the…
asked 2021-02-18T11:48:39.73+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 28.000000000000004%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Javed Balganoor
1
Reputation point
commented 2021-02-23T18:21:31.9+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
0 answers
How do I sign into LEAF and create a new profile
I have installed LEAF for translation, but I cannot sign in and create a profile as per my client's instructions. The instructions say that I should see a sign-in window when opening LEAF for the first time, but it does not appear. It just opens and when…
asked 2021-02-07T13:46:33.807+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 79%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
madakako
1
Reputation point
commented 2021-02-08T19:23:43.967+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Give a service access (like Azure Storage) to a AAD created by subcription
Hi there, I am a user inside my home tenant of my company. Now I am assigned with a subscription for Enterprise DEV/TEST. I can access to Storage Service with my company account under company tenant. I create an Azure AD with the subscription…
asked 2021-02-03T11:01:06.667+00:00
Michyo Song
31
Reputation points
commented 2021-02-05T08:21:24.723+00:00
Michyo Song
31
Reputation points
1 answer
I created a role but cannot delete it
Hi, I worked with 5-exercise-manage-custom-roles and create a role, and assignment for it. But now I cannot find any assignment (by portal or azure CLI) but it isn't possible to delete the role since it has assignments... Thanks, Assaf
asked 2021-02-03T15:56:11.263+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 67%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Assaf Katz
21
Reputation points
commented 2021-02-04T07:18:35.32+00:00
Assaf Katz
21
Reputation points
1 answer
Integrate with Azure for user access control in hierarchy for Azure Cloud Services
Hi there, I am aiming to integration with our products' users to leverage their permission setting by administrator on Azure. User mapping and Cloud Service (in whole Azure marketplace) access control in hierarchy are the most important work to do. …
asked 2021-01-28T17:21:15.477+00:00
Michyo Song
31
Reputation points
commented 2021-01-31T14:56:06.203+00:00
Michyo Song
31
Reputation points
1 answer
Log Analytic Workspace - Permissions in Enterprise
We are in the process of planning our RBAC for a new Azure environment within an Enterprise scale organisation. I'm trying to determine how we best provide access to logs. Within the non-production environments, it seems that the resource-context…
asked 2021-01-28T10:12:39.757+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 12%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
a8ree1
21
Reputation points
answered 2021-01-29T12:08:22.76+00:00
VipulSparsh-MSFT
16,251
Reputation points Microsoft Employee