I am not experiencing this problem so my conclusion is either you do not have Contributor access, you haven't correctly logged or there are some restrictions on the subscription. You need to login to your own tenant, not the customer one. You can create resources from any blade for example if you search for Virtual machines and open that blade you can create VMs from there by just choosing the subscription of your customer. That is of course if all of the above are correct.
Hello All,
I gave Contributor role (on a subscription) to users via Lighthouse to manage a customer. The users get access with no problem to the customer subscription, can start and stop VM, create a resource group, start and stop backup, etc.
The problem arises when I want to create for instance a storage account (or a new VM). The portal goes to marketplace and then I am not able to add anything else as if I couldn't contact the subscriptions.
Can you please advise.
Thank you in advance for your reply
3 answers
Sort by: Most helpful
Stanislav Zhelyazkov 26,781 Reputation points MVP
2024-06-20T08:21:52.6466667+00:00 -
Tristano,G,Giuseppe,JBP12 R 91 Reputation points
2024-07-09T09:34:41.31+00:00 Hello there,
and thank you both. I am now able to correctly operate even when creating things.
One interesting matter to remark in my opinion is the follow.
I granted Contributor access to customer's subscription through a group called SYS.
SYS is of course in the ManagedBy tenant in which I invite guest users. I invited my work account which is ******@bt.com and two private account one ******@yahoo.it and the second is ******@gmail.com.
Only my work account which is on a Microsoft ExtraID works. This is, anyhow, my desired behaviour hence I will mark your last reply as a successful answer.
Thank you once again and best regards
AnuragSingh-MSFT 21,491 Reputation points
2024-07-08T07:32:10.2033333+00:00 @Tristano,G,Giuseppe,JBP12 R, thank you for posting this question. As Stanislav mentioned, this could be only related to insufficient permissions assigned to the user of the ManagedBy tenant to access resources in Managed tenant. I got confirmation from the product team that there is no difference related to whether the user is a Guest user added to ManagedBy tenant. As long as the correct role has been assigned, they should be able to perform the operation - even to create resources.
I even tested it with 2 subscriptions and there was no issue observed. The Guest user was given Contributor access at subscription level in my case to test whether it was able to create the storage account.
Hope this helps.
If the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.