Add and remove roles and tasks for Microsoft Azure and Google Cloud Platform (GCP) identities
This article describes how you can add and remove roles and tasks for Microsoft Azure and Google Cloud Platform (GCP) identities using the Remediation dashboard.
Note
To view the Remediation tab, you must have Viewer, Controller, or Administrator permissions. To make changes on this tab, you must have Controller or Administrator permissions. If you don't have these permissions, contact your system administrator.
View permissions
On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
From the Authorization System Type dropdown, select Azure or GCP.
From the Authorization System dropdown, select the accounts you want to access.
From the Search For dropdown, select Group, User, or APP.
To search for more parameters, you can make a selection from the User States, Permission Creep Index, and Task Usage dropdowns.
Select Apply. Microsoft Entra ID displays a list of groups, users, and service accounts that match your criteria.
In Enter a username, enter or select a user.
In Enter a Group Name, enter or select a group, then select Apply.
Make a selection from the results list.
The table displays the Username Domain/Account, Source, Resource and Current Role.
Add a role
On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
From the Authorization System Type dropdown, select Azure or GCP.
From the Authorization System dropdown, select the accounts you want to access.
From the Search For dropdown, select Group, User, or APP/Service Account, and then select Apply.
Make a selection from the results list.
To attach a role, select Add role.
In the Add Role page, from the Available Roles list, select the plus sign (+) to move the role to the Selected Roles list.
When you have finished adding roles, select Submit.
When the following message displays: Are you sure you want to change permission?, select:
- Generate Script to generate a script where you can manually add/remove the permissions you selected.
- Execute to change the permission.
- Close to cancel the action.
Remove a role
On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
From the Authorization System Type dropdown, select Azure or GCP.
From the Authorization System dropdown, select the accounts you want to access.
From the Search For dropdown, select Group, User, or APP/Service Account, and then select Apply.
Make a selection from the results list.
To remove a role, select Remove Role.
In the Remove Role page, from the Available Roles list, select the plus sign (+) to move the role to the Selected Roles list.
When you have finished selecting roles, select Submit.
When the following message displays: Are you sure you want to change permission?, select:
- Generate Script to generate a script where you can manually add/remove the permissions you selected.
- Execute to change the permission.
- Close to cancel the action.
Add a task
On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
From the Authorization System Type dropdown, select Azure or GCP.
From the Authorization System dropdown, select the accounts you want to access.
From the Search For dropdown, select Group, User, or APP/Service Account, and then select Apply.
Make a selection from the results list.
To add a task, select Add Tasks.
In the Add Tasks page, from the Available Tasks list, select the plus sign (+) to move the task to the Selected Tasks list.
When you have finished adding tasks, select Submit.
When the following message displays: Are you sure you want to change permission?, select:
- Generate Script to generate a script where you can manually add/remove the permissions you selected.
- Execute to change the permission.
- Close to cancel the action.
Remove a task
On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
From the Authorization System Type dropdown, select Azure or GCP.
From the Authorization System dropdown, select the accounts you want to access.
From the Search For dropdown, select Group, User, or APP/Service Account, and then select Apply.
Make a selection from the results list.
To remove a task, select Remove Tasks.
In the Remove Tasks page, from the Available Tasks list, select the plus sign (+) to move the task to the Selected Tasks list.
When you have finished selecting tasks, select Submit.
When the following message displays: Are you sure you want to change permission?, select:
- Generate Script to generate a script where you can manually add/remove the permissions you selected.
- Execute to change the permission.
- Close to cancel the action.
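After you select Execute, or run a generated script by hand, it is worth confirming that the change matched what you selected and nothing else moved. The following is an added example, not part of the product or its generated script: it compares two role-assignment snapshots for an Azure subscription and flags missing or unexpected changes. It assumes the snapshots were exported with `az role assignment list --all --output json`; the sample data, principal names, and subscription ID are constructed placeholders.

```python
import json

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription

# Constructed snapshots, shaped like `az role assignment list --all --output json`.
BEFORE = json.loads("""[
  {"principalName": "alice@example.com", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "alice@example.com", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/app-rg"}
]""")
AFTER = json.loads("""[
  {"principalName": "Alice@example.com", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/app-rg"},
  {"principalName": "svc-build@example.com", "roleDefinitionName": "User Access Administrator",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")


def _key(principal, role, scope):
    # Lowercase everything (assumption: casing differences are not real changes).
    return (principal.lower(), role.lower(), scope.rstrip("/").lower())


def _keys(snapshot):
    return {_key(a["principalName"], a["roleDefinitionName"], a["scope"]) for a in snapshot}


def verify_change(before, after, expected_added=(), expected_removed=()):
    """Compare two snapshots against the roles selected in the dashboard."""
    want_add = {_key(*t) for t in expected_added}
    want_del = {_key(*t) for t in expected_removed}
    b, a = _keys(before), _keys(after)
    added, removed = a - b, b - a
    return {
        "missing_additions": sorted(want_add - added),
        "missing_removals": sorted(want_del - removed),
        "unexpected_additions": sorted(added - want_add),
        "unexpected_removals": sorted(removed - want_del),
    }


def is_clean(report):
    return not any(report.values())


if __name__ == "__main__":
    intended = [("alice@example.com", "Contributor", SUB)]
    print(json.dumps(verify_change(BEFORE, AFTER, expected_removed=intended), indent=2))
```

With the constructed data, the intended Contributor removal is confirmed, and the User Access Administrator assignment that appeared in the same window is reported as an unexpected addition.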
Next steps
- For information on how to view existing roles/policies, requests, and permissions, see View roles/policies, requests, and permission in the Remediation dashboard.
- To view information about roles/policies, see View information about roles/policies.