Scenario

• Create a user and give him the full access to Virtual Machines
• In Reality we might need users to have set of different access and assigning multiple role assignments for users at different levels might be difficult
• One way of solving this problem is to use groups and give multiple role assignments to the group and add users to groups
• Lets create two groups
  • developers: will have full access to Virtual Machines, Networking, Storage Accounts
  • testers: will have read only access to Virtual Machines, Networking, Storage Accounts
• Add ram to developers and robert and rahim to testers group
• Navigate to Azure Active Directory and select groups and create group
• Now assign roles at subscription level to the groups
• Now lets test access for testers (login as any user)

Creating Custom roles in Azure

• Steps for Creating a custom role
  1. Determine the permissions you need
  2. Understand the syntax of role definition Refer Here
  3. Create the custom role
  4. Test the custom role
• Custom Role 1: Create a Custom role (Virtual Machine Operator) which gives the user access to start, stop and restart virtual machines. view the virtual machines
  • Refer Here to understan the resource provider operations
  • Now add to role assignment
• Ensure powershell or cli is installed on your machine Refer Here