Assign access to Azure carbon optimization (Preview)
Azure carbon optimization uses Azure role-based access control (RBAC) to manage user access to emissions data, recommendations, and resource configurations. Depending on the actions a user needs to perform, they must be assigned one or more of the following permissions:
Permissions overview
View Emissions - Grants access to carbon emissions data. This permission is required at the subscription level.
View Recommendations - Provides access to efficiency and sustainability recommendations. Permissions must be granted separately and can be assigned at the subscription, resource group, or resource level.
Edit Resource Configuration - Allows modifications to resource settings related to carbon optimization. Requires Owner/Contributor permission.
Emissions data access
By default, users with the following roles can view emissions data without requiring other role assignments:
- Subscription Owners
- Subscription Contributors
- Subscription Readers
Users without these roles can gain access by being assigned to the Carbon Optimization Reader role.
Carbon Optimization Reader role
The Carbon Optimization Reader role is designed for users who only need to view emissions data without access to recommendations, other service metrics, or the ability to change resource configurations. This role is ideal for IT sustainability teams or professionals who require visibility into carbon emissions data.
The role isn't intended for people that need to access recommendations or modify resource settings.
Assign the Carbon Optimization Reader role
To assign the Carbon Optimization Reader role to a user, follow these steps:
- Sign In: Go to the Azure portal and sign in with an account that has Owner or Contributor permission at the subscription level.
- Select Subscription: Choose the subscription for which you want to grant emissions data access.
- Open IAM Panel: From the left menu, select Access Control (IAM).
- Add Role Assignment: Select + Add and then select Add role assignment. A new pane opens where you assign a role.
- Select Role: In the Role list, search for Carbon Optimization Reader and select it.
- Assign to User: In the Assign access to list, select User, group, or service principal. Select the Select members option, search for the user or group to assign to the role, and then select the Select option.
- Review and Assign: Review your selections and select Review + Assign to complete the process.
The user now has access to view emissions data. However, they might not be able to access recommendations or modify resource configurations, depending on access. Refer to the following table to determine if other roles are needed to view recommendation modify resource configurations.
Roles and permissions
The following table outlines the access permissions associated with each role:
| Role | View emissions | View recommendations | Edit resource configuration |
|---|---|---|---|
| Subscription Owner | ✔️ | ✔️ | ✔️ |
| Subscription Contributor | ✔️ | ✔️ | ✔️ |
| Subscription Reader | ✔️ | ✔️ | ✘ |
| Resource Group Owner | ✘ | ✔️ | ✔️ |
| Resource Group Contributor | ✘ | ✔️ | ✔️ |
| Resource Group Reader | ✘ | ✔️ | ✘ |
| Resource Owner | ✘ | ✔️ | ✔️ |
| Resource Contributor | ✘ | ✔️ | ✔️ |
| Resource Reader | ✘ | ✔️ | ✘ |
| Carbon Optimization Reader | ✔️ | ✘ | ✘ |
Note
Permissions are assigned at the subscription level only. For more information, see Assign Azure roles using the Azure portal.