Azure resource sharing among multiple users

Question

I have created few resources under Startup Subscription, however even after trying many times and many options, I am unable to add another user to see these resources and use them (e.g. DB Creation, App deployment etc.). Can you please suggest the steps to make it happen?

Answer 1

Hi,

If you would like other users to have access to your Azure subscription resources, you need to assign them roles at the desired scope.

For example, you could create a resource group, navigate to it in the Azure portal, click Access control (IAM) blade, Add -- Add role assignment -- Privileged administrator roles tab, select Contributor, click Next, select the user account, etc.

The above is an example of assigning a role at resource group scope. You could instead assign a user a role on the subscription (aka subscription scope), which would flow down to all the resource groups in the subscription. You also have resource scope, which is assigning roles to a resource itself (storage account, key vault, virtual machine, etc.).

What is Azure role-based access control (Azure RBAC)?

https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

Exactly which Azure RBAC roles you assign to users and at what scopes will depend on your specific needs. As a rule of thumb you want to follow principal of least privilege and only grant just enough permissions to each user for them to do their job. The more granular you are with permissions the more work/difficult it is. It is a tradeoff.

There's way more to Azure RBAC than I have described above. Below article has some best practices, and when reading article take a look on left navigation for other key concepts.

Best practices for Azure RBAC

https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP