Scenario
- Create a user and give them full access to Virtual Machines
- In reality, users often need several different kinds of access, and maintaining multiple role assignments per user at different levels becomes difficult
- One way of solving this problem is to use groups: give the role assignments to the group, then add users to the group
- Let's create two groups
  - developers: will have full access to Virtual Machines, Networking, Storage Accounts
  - testers: will have read-only access to Virtual Machines, Networking, Storage Accounts
- Add ram to the developers group, and robert and rahim to the testers group
- Navigate to Azure Active Directory, select Groups, and create the group
- Now assign roles to the groups at the subscription level
- Now let's test access for testers (log in as any user)
Creating Custom roles in Azure
- Steps for creating a custom role
  - Determine the permissions you need
  - Understand the syntax of a role definition (Refer Here)
  - Create the custom role
  - Test the custom role
- Custom Role 1: Create a custom role (Virtual Machine Operator) that gives the user access to start, stop and restart virtual machines, and to view the virtual machines
- Refer Here to understand the resource provider operations
- Now add the custom role to a role assignment
- Ensure PowerShell or the CLI is installed on your machine (Refer Here)
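
A role definition for Custom Role 1, as an added example that is not part of the original notes. The subscription ID in `AssignableScopes` is a placeholder, and mapping "stop" to both `powerOff` and `deallocate`, plus the resource group read operation for browsing in the portal, are assumptions made here.

```json
{
  "Name": "Virtual Machine Operator",
  "IsCustom": true,
  "Description": "Start, stop, restart and view virtual machines. Example definition; the scope below is a placeholder.",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/instanceView/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Compute/virtualMachines/powerOff/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/00000000-0000-0000-0000-000000000000"
  ]
}
```

Saved as `vm-operator.json` (a file name chosen here), the role can be created with `az role definition create --role-definition @vm-operator.json` or `New-AzRoleDefinition -InputFile vm-operator.json`. The explicit operation list, with no wildcards, is what keeps write and delete on virtual machines out of the role.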