Share via

Azure IAM Role

Handian Sudianto 5,666 Reputation points
2025-01-15T06:27:07.44+00:00

Hello,

I assign a user as network contributor and as reader, but why this user is able to doing write operation such as create VM, turn off the VM etc?

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
862 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manu Philip 18,706 Reputation points MVP
    2025-01-15T06:50:43.7433333+00:00

    Hi Handian Sudianto,

    It's a good idea to evaluate the assigned roles to the user and the group that user belongs. Looks like the user has got some other privilages also

    User's image

    User's image

    Hope this helps.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  2. Andreas Baumgarten 115.9K Reputation points MVP
    2025-01-15T07:38:55.4466667+00:00

    Hi @Handian Sudianto ,

    in addition to @Manu Philip.

    You can check the assigned RBAC roles of an user in the Azure Portal including roles assigned by a group membership.

    User's image

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.